Today the Linux Foundation launched its Open Compliance Program. This bold new initiative promises to increase adoption of open source and help companies comply with open source licenses. It combines some efforts already in place with several exciting, newly unveiled elements-more about those below.
One of the key elements of the program is SPDXTM (Software Package Data ExchangeTM) a standard enabling the exchange of license and copyright information. As co-chair of the SPDX group (a FOSSBazaar working group of the Linux Foundation), I as well as my company Black Duck have been involved in the evolution of this standard for some time. And we are in amazing company. The founding members of the program include IBM, Intel, NEC, and numerous other heavyweights of software and electronics. The effort was initiated at the grass roots of the foundation's biggest members. At the same time Jim Zemlin, the executive director, picked up the visionary ball and personally assembled the pieces, resources, personnel and support to make it possible.
The program is a very significant move for the Linux Foundation for a couple of reasons. First, the program fills a huge need. Last week's court decision upholding GPL and awarding an injunction must have companies in the industry goosier than ever. (No duck jokes, please.) An Accenture survey published the very next day documents how rapidly all kinds of organizations are coming to rely on open source. The survey goes on to describe the biggest challenge holding companies back from open source: training for developers. This need is being addressed directly by the Open Compliance Program.
Another significant aspect of the announcement is that it's by no means Linux-specific. Everything in the program applies to Linux, but nothing limits it to Linux. The members must have realized that there was no other entity poised to fill the above-described need. And the Linux Foundation, notwithstanding its Linux-specific orientation, is just the kind of neutral party to fill the void. It uniquely combines deep open source roots and the strong practical business orientation-uncommon in a non-profit-that Zemlin has brought to the organization. The foundation realizes that what's good for Linux is good for open source overall and vice versa, and is therefore leading the charge.
The comprehensive program comprises six elements: Tools, Self-Assessment, SPDX, Rapid Alert System, Training, and Community. Some of these pieces, such as the FOSSBazaar community, have been in place for some time. SPDX was fortuitously started around the beginning of the 2010, in time to have a public version of the spec available today. For other pieces like the training program and self-assessment checklist, the Linux Foundation has staffed up rapidly to develop content specifically for the program.
The Linux Foundation has stepped up to help the industry, but some may ask if they have overstepped their bounds. Read their 'About Us' section: it will tell you that the organization is "dedicated to fostering the growth of Linux." However, another couple clicks and a little scroll will get you to Section 2.1 of the 2007 bylaws: "The purposes of this corporation include promoting, protecting, and standardizing Linux and open source software." So, the Open Compliance Program is perfectly aligned to promote and enable the growth of Linux and everything else open source. If the program takes off the way I anticipate, that About Us may need a little editing.
Congratulations to the Linux Foundation on this very cool milestone.