This white paper focuses on the various practical aspects of ensuring free and open source software (FOSS) compliance in the enterprise. It, also, provides an example of a compliance process for FOSS identification and review that consists of five steps.
White Paper main segments
The focus of the paper is around using and integrating FOSS with proprietary and third party source code in a commercial product.
The 5-step identification and review process includes the following phases:
- Scanning the source code
- Identifying and resolving any discovered issues
- Performing license review
- Performing architectural review
- Deciding the approval for this software component
Conclusion
The goal with the FOSS compliance process is to ensure that any software (proprietary, third party, FOSS) that gets into the product base has been audited, reviewed and approved and that the company has a plan to fulfil the license obligations resulting from using the various software components integrated in the product. This type of compliance due diligence is often tracked and executed via such a process.
Full White Paper
A Five-Step Compliance Process for FOSS Identification and Review - By The Linux Foundation