Almost two years ago, The Linux Foundation launched the Open Compliance Program to help companies manage their end-to-end open source license compliance processes. We have continually added papers, training, tutorials, and dedicated Legal/Compliance session tracks at conferences like Collaboration Summit to help make compliance processes easier to understand, and more cost-effective to implement.
Today, we are releasing a new template that will help companies manage the flow of data through the compliance process.
License compliance best practices require complete and accurate information about FOSS components being incorporated into the software supply chain. This requires a continual focus on ensuring the right information is collected and archived when a new FOSS component is to be introduced into a software product, from initial request to final shipment.
To help with this process we've just published a template for collecting information about a FOSS component and its usage, so that when a request is made to the company's internal open source review board, it can be easily and thoroughly evaluated. This template will also help development organizations spend less time re-submitting missing data, and a standardized format can accelerate the approval process.
We will publish additional templates for usage guidelines, due diligence on a supplier's FOSS compliance practices, and more over the coming months. In the meantime, we encourage you to download and reuse the request template. And as always, if you need additional guidance on designing your FOSS compliance program, we can help with that too.