This white paper examines the compliance practices needed when software supplied by a third-party vendor is brought into the code baseline of a product to be distributed externally. It discusses the requirements a company should impose upon its suppliers to disclose FOSS in their deliverables and to provide what’s needed to achieve compliance. It also discusses the steps a company should take to review and validate the FOSS disclosures made by its suppliers. In addition, the white paper addresses measures a company can undertake to assess its suppliers’ compliance capabilities.
Download: FOSS Compliance Practices for Supplied Software.
About the Author (Philip Koltun, Ph.D.)
Dr. Philip Koltun directs The Linux Foundation’s Open Compliance Program and works with the community to provide a full range of services and intellectual assets that enhance compliance activities.