Linux Foundation launches license compliance effort

Linux Foundation executive director Jim Zemlin says the program will lower costs, speed adoption, and lead to better compliance tools.

Harald Welte won't be alone any more.

The Linux Foundation is taking on the task of open source license compliance.

Working with dozens of major vendors, it has created a new program for license compliance, with a data exchange standard making compliance simpler.

The program was announced this morning at LinuxCon in Boston.

Open source license compliance is already an industry, of course. Companies like Palamida, Black Duck and OpenLogic have made millions helping companies meet their license obligations. This is in addition to vendors' own efforts and systems that also work with proprietary software.

Their reaction seems to be unabashed joy. A Black Duck executive, Phil Odence, chairs the foundation's Software Package Data Exchange (SPDX) working group. In addition to the software, there is a directory that lets developers link, through the Foundation, to corporate compliance officers.

That may be why the Linux Foundation seems late to the party. There are many moving parts in license compliance, many vendors with their own agendas. Getting everyone on the same page took time and no small amount of diplomacy.

It's not something even the most well-intentioned individual could do alone. It took some institutional heft, which the Foundation brought to the party.

There is another benefit to all this, of course, beyond keeping enterprises in compliance with licenses the way the Business Software Association expects them to be in the proprietary space. Improved compliance tools will also help enterprises maintain current versions of open source tools, improving security.

In his own blog post on the program, Linux Foundation executive director Jim Zemlin says the program will lower costs, speed adoption, and lead to better compliance tools.

Another win-win-win for the penguin.