Wednesday, July 28, 2021

Are You in Compliance with Open Source?

The Linux Foundation is delivering on its promise to help enterprises comply with open source licensing terms with a new self-assessment checklist.

At the LinuxCon event this past August, the Linux Foundation officially announced a new license compliance program to help ease adoption of open source technologies. The checklist is one of the deliverables of the new compliance program, though it’s not a complete solution to ensure that an enterprise is fully open source license compliant.

The self-assessment checklist for open source compliance provides enterprises with best practices on how to properly comply with open source license requirements. The checklist does not, however, provide a scoring mechanism by which enterprises can gauge their own levels of compliance.

“The checklist is intended for use as a diagnostic aid — to help companies identify gaps between their current practices and best or recommended practices from industry leaders,” Jim Zemlin, executive director at The Linux Foundation told “Because it’s a self-assessment, a company has to decide which gaps are most relevant and important to its own situation and its own open source usage profile.”

Even if an enterprise is able to check every checkbox on the checklist, they’re not necessarily 100 percent compliant, but it does help.

“If every box is checked, a company can be confident that they have a strong compliance program implemented that will allow them to discover open source software use in their products and help them to meet their obligations,” Zemlin said.

Though the Linux Foundation’s checklist is new, the practices it suggests are not. Zemlin commented that the checklist is a compilation of compliance best practices that have been adopted and proven by leading companies using open source software.

With the self-assessment checklist, the Linux Foundation isn’t seeking to provide guidance about specific open source license use-cases for the GPL license.

“The Self-Assessment Checklist’s primary purpose is to help discover and document open source software,” Zemlin said. “It does not provide interpretation regarding the GPL. The Checklist helps ensure you have the policies, tools and resources in place to be compliant with open source licenses.”

Overall, Zemlin noted that the response to the Linux Foundation’s compliance programs has been positive so far and work is continuing to support and expand the effort.

“We are experiencing a lot of interest in our free white papers, international compliance training and the Rapid Alert System where we connect developers and companies on license compliance issues,” Zemlin said. “We expect the checklist to be a key element of the Open Compliance Program and look forward to working with companies in the coming months to implement this important tool.”

Sean Michael Kerner is a senior editor at, the news service of, the network for technology professionals.
