The following is adapted from The Linux Foundation’s e-book, Open Source Compliance in the Enterprise, by Ibrahim Haddad, PhD.
Education and communication are two essential building blocks in any open source software compliance program. Both help ensure that employees, as well as others outside the organization, possess a good understanding of the organization’s policies governing the use of open source software.
Employee training serves as a venue to publicize and promote the compliance policy and processes within the organization and to foster a culture of compliance.
Clear and consistent messaging, whether internal to your employees or external toward the developer communities of the open source projects you use in your product or software stack, helps explain the company’s goals and concerns around open source.
The goal of providing open source and compliance training — formally or informally — is to raise awareness of open source policies and strategies and to build a common understanding around the issues and facts of open source licensing. It also addresses the business and legal risks of incorporating open source software in products and/or software portfolios.
Such training can follow a formal or informal format, depending on the organization’s needs.
Depending on the size of the company and the extent to which open source is included in its commercial offerings, the company can mandate that employees working with open source take formal instructor-led courses, possibly culminating in actual exams.
Informal training channels may include any or all of the following:
• Brown bag seminars: Brown bag seminars are usually presentations made during lunchtime by a company employee or an invited speaker. The goal of these seminars is to present and evoke discussions of the various aspects of incorporating open source in a commercial product or an enterprise software portfolio. These sessions can also include discussions of the company’s compliance program, policies, and processes.
• New employee orientation: In some instances, the Compliance Officer presents on the company’s compliance efforts, rules, policies, and processes to new employees as part of employee orientation, supplying new employees with necessary open source management information: who to talk to, what internal website to visit, how to sign up for open source and compliance training, etc.
A website or online portal focused on a company’s open source management program helps tie together employee training with internal and external messaging and makes them easily accessible.
Companies use portals in two directions: inwards, inside the company; and outwards, as a window to the world and the open source community. The internal portal hosts the compliance policies, guidelines, documents, training, announcements, and access to mailing lists. The external portal offers a public platform for the world and the open source community, as well as a venue to post source code of open source packages, acknowledgements, and other disclosures, in fulfillment of license obligations.
We’ve now covered all seven essential elements of an open source management program, from strategy and process, to staffing and tools, and more. In the next few posts we’ll discuss some common challenges to establishing an open source management program and provide some recommendations on how to overcome these challenges.