There are many ways that vendors of proprietary products try to scare business customers away from open source software, and one of the more commonly heard examples involves vague fears about compliance with open source licences. There's nothing like the spectre of a good lawsuit to scare a company back into a paid vendor's welcoming arms.

Open source software such as Linux does involve licences, it's true, but complying with those licences should not impose any significant burden on the company using such software. Nor should it be a reason to use proprietary products instead.

Aiming to help quash such fear, uncertainty and doubt, and to help companies focus their compliance efforts, the Linux Foundation this week unveiled a free self-assessment checklist designed to reduce the cost and complexity involved for the increasing number of companies using Linux.

Open Compliance Programme

The Linux Foundation actually runs a full fledged compliance programme aimed at easing the adoption of open source software, and it includes a variety of free tools and education materials, comprehensive professional training, an online compliance community for exchanging compliance best practices and more.

Founding participants of the programme include Adobe, AMD, ARM Limited, Cisco Systems, Google, HP, IBM, Intel, Motorola, NEC, Nokia, Novell, Samsung, the Software Freedom Law Center and Sony Electronics.

The new checklist, meanwhile, is designed to provide a confidential internal tool that companies can use to assess their progress with a rigorous compliance process and to prioritise their improvement efforts.


A process failure modes effects analysis (FMEA) approach, for example, identifies the ways a compliance attempt can fail, as well as practices that can help prevent that from happening. More than 100 practices are identified in the checklist, all focusing on what needs to be done.

The checklist can help companies prioritise process improvement efforts in the areas of greatest payoff. Plus, it can be used to assess a supplier's compliance practices and gauge the likely reliability of its open source disclosures. Based on practices found in industry-leading compliance programmes, the tool will improve the effectiveness of such programmes and deliver tangible benefit relative to the cost of those practices, the Linux Foundation says.

A free download

While it's not a guarantee of compliance, nor does it provide specific guidance on interpreting the GNU General Public Licence (there are companies for hire that offer such assistance), the checklist does help companies make sure that they have the necessary policies, tools and resources in place to comply with open source licences.

"Compliance is essential if companies are to gain the maximum benefit from use of free and open source software while respecting license obligations," as the foundation points out.

How does your company measure up? Find out by downloading the Self-Assessment Checklist (registration required) and trying it out for yourself.