Organisations that are interested in using open source in their own products but are wary of intellectual property issues might want to examine a new, mostly free, assistance programme just launched by the non-profit Linux Foundation.
The Open Compliance Program includes an assessment checklist, training programmes and software tools to monitor open source software usage. Organisations such as Adobe, AMD, Cisco Systems, Google, HP, IBM, Intel, Motorola, Novell, Samsung, the Software Freedom Law Center and Sony Electronics have endorsed the plan.
Especially in the growing field of mobile device and consumer electronics manufacturers, software development often involves use of multiple programs - many open source - in a single stack, said Jim Zemlin, executive director of The Linux Foundation.
"You have a really complicated supply chain, where you might get source code coming from lots of different places, whether it is a chipset vendor, a mobile handset provider or embedded software vendor," he said. "Managing open source licence compliance is complicated."
Many companies are unaware of how different software licensing works with open source, or their executives fear being forced to divulge their own software code because it was intermingled with some open source code under the Gnu Public License (GPL). SAP, for instance, has set up an open source office and programme specifically to deal with such issues.
"What we were looking for is [a way] to solve this complexity and to prevent needless lawsuits," Zemlin said. "Our community has the exact same goal that the industry has, to make using open source as low-cost and as easy as possible."
The Linux Foundation's programme provides a range of tools and services to get such companies up to speed, Zemlin said.
The programme includes a self-assessment check-list (available in late 2010), training programmes, software tools that check programs for open source licensing or other issues, a community workgroup, a compliance directory of companies using open source software, and a new standard, called the Software Package Data Exchange (SPDX), that can be used to create a packing list of all supporting software components within an application.
All these services, except for the training courses, will be free, Zemlin said.