Thursday, May 23, 2024

Are You in Compliance with Open Source?

The Linux Foundation is delivering on its promise to help enterprises comply with open source licensing terms with a new self-assessment checklist.

At the LinuxCon event this past August, the Linux Foundation officially announced a new license compliance program to help ease adoption of open source technologies. The checklist is one of the deliverables of the new compliance program, though it’s not a complete solution to ensure that an enterprise is fully open source license compliant.

The self-assessment checklist for open source compliance provides enterprises with best practices on how to properly comply with open source license requirements. The checklist does not, however, provide a scoring mechanism by which enterprises can gauge their own levels of compliance.

“The checklist is intended for use as a diagnostic aid — to help companies identify gaps between their current practices and best or recommended practices from industry leaders,” Jim Zemlin, executive director at The Linux Foundation told “Because it’s a self-assessment, a company has to decide which gaps are most relevant and important to its own situation and its own open source usage profile.”

Even if an enterprise is able to check every checkbox on the checklist, they’re not necessarily 100 percent compliant, but it does help.

“If every box is checked, a company can be confident that they have a strong compliance program implemented that will allow them to discover open source software use in their products and help them to meet their obligations,” Zemlin said.

Though the Linux Foundation’s checklist is new, the practices it suggests are not. Zemlin commented that the checklist is a compilation of compliance best practices that have been adopted and proven by leading companies using open source software.

With the self-assessment checklist, the Linux Foundation isn’t seeking to provide guidance about specific open source license use-cases for the GPL license.

“The Self-Assessment Checklist’s primary purpose is to help discover and document open source software,” Zemlin said. “It does not provide interpretation regarding the GPL. The Checklist helps ensure you have the policies, tools and resources in place to be compliant with open source licenses.”

Overall, Zemlin noted that the response to the Linux Foundation’s compliance programs has been positive so far and work is continuing to support and expand the effort.

“We are experiencing a lot of interest in our free white papers, international compliance training and the Rapid Alert System where we connect developers and companies on license compliance issues,” Zemlin said. “We expect the checklist to be a key element of the Open Compliance Program and look forward to working with companies in the coming months to implement this important tool.”

Sean Michael Kerner is a senior editor at, the news service of, the network for technology professionals.
