Linux compliance program a response to surging open-source use

Linux Foundation's Open Compliance Program largely directed at open-source use in embedded devices, analysts say

The Open Compliance Program announced by the Linux Foundation on Tuesday is a response to the surging growth in the use of open-source technologies within enterprises, and by makers of consumer electronic and mobile devices, analysts say.

Much of the program appears to be directed at addressing what many analysts said is continuing confusion among makers of embedded devices about open-source licensing requirements. But enterprises can benefit from the program as well, they added.

The Linux Foundation, a nonprofit group that is focused on fostering Linux growth, announced a set of open-source tools, training materials and a self-assessment checklist designed to help companies comply with open-source license requirements.

The program is supported by several large vendors, including Google, Novell, IBM, Hewlett-Packard and Intel. Also supporting the effort are organizations such as the Software Freedom Law Center (SFLC), which provides free legal representation for developers of open-source software, and Gpl-violations.org, which is focused on raising awareness of open-source license violations.

The impetus for the initiative comes from the skyrocketing use of Linux as an embedded operating system in mobile, consumer electronic and numerous other products, said Jim Zemlin, executive director of the foundation.

The goal is to help companies fulfill their license obligations in as straightforward and low-cost a manner as possible, Zemlin said in a conversation with Computerworld today.

"Market adoption of open-source software has reached a scale that is unprecedented," he said. Companies ranging from embedded systems manufacturers to those with large supercomputer clusters are all using open-source software these days because of the cost and technology benefits, Zemlin said.

Many, though, appear not to understand or be fully informed about their obligations to share their source code with the broad community as they are required to, he noted.

"The Linux kernel alone has a $10 billion value, and that value comes from the fact that people are sharing it," Zemlin said. The compliance program will ensure that all of the technical and cost benefits that companies are deriving from open-source software "is matched by their ability to comply with the legal requirements of open-source licenses," he added.

Eben Moglen, founding director of the SFLC and a law professor at Columbia Law School, said the new effort is being driven largely by what's happening in the embedded world.

Most of the violations that the SFLC has observed and pursued have occurred among manufacturers of embedded devices, Moglen said. In most cases, the violations stemmed from a lack of experience in open-source use. Enterprise use of open-source software for the most part appears to be more mature and in line with open-source license practices, he said.

What the Linux Foundation is doing is "to provide operations advice that should make it easier for device manufacturers and distributors to comply with free and open-source software licensing at minimum cost," Moglen said.

But enterprises that are using open-source technologies will also benefit from the Linux Foundation's newly released tools for identifying and reporting source code components, and for ensuring that the code is safe and ready for public consumption.

"Companies wanting to use or contribute to the open-source world are complex mixes of developers, business management and operational management such as the internal legal team," said Stephen Walli, technical director of CodePlex Foundation, a nonprofit that facilitates the exchange of code among software companies and open-source communities.

The Open Compliance Program will increase corporate contribution to and participation in the open-source world, and alleviate some of the FUD (fear, uncertainty and doubt) that surrounds open-source licensing, he said.

"I think the Open Compliance Program is an important next step in the industry as more and more companies use and contribute to the open-source software ecosystem," Walli said.

"There's a growing maturity and understanding in the software industry around intellectual property practices over the past two decades, but that understanding isn't uniformly present across all participants," he said. "The OCP fills that gap, providing tools and education for all to use."

The Open Compliance Program comes at a time when there are indications that adoption of open-source software may have reached a turning point. A survey by Accenture of 300 IT managers in the U.S., the U.K. and Ireland showed that 69% expected investments in open-source tools to increase this year, while about 40% said they planned on migrating mission-critical software to open source in a year.

More than 75% of the survey respondents cited quality as a primary driver of open-source adoption.

The Linux Foundation's move highlights issues being raised by the continued broadening of Linux and open-source use, said Jay Lyman, an analyst at The 451 Group.

"While it has extended to new markets and devices, open-source software and its licensing model are still very new to many organizations and verticals, so this type of compliance and facilitation" is needed for continued growth, Lyman said.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed. His e-mail address is jvijayan@computerworld.com.
