The FLOW Syllabus (Working Draft)

Version 44.10 by Joseph Potvin on 2014/02/15 15:47

Resources

The following items are "in transit" and will be placed within the FLOW Syllabus.

Validos: The Validos initiative helps businesses engage with Free Software. The primary focus of Validos is package level compliance and clear reporting to facilitate simple redistribution of code. With its format of cooperative information sharing among corporate and legal stakeholders, Validos provides a way to increase compliance fidelity and streamline code management activities. It is a Finnish registered association with thirteen members, and has a modest annual fee for participation. Website: http://www.validos.org

Binary Analysis Tool: The Binary Analysis Tool (BAT) is a modular framework that uses the same approach applied by gpl-violations.org to discover issues in consumer electronics. It can open many types of firmware, detect Linux and BusyBox issues, and report outcomes in XML format. It also features knowledge-base support to allow high fidelity customization for advanced users. BAT is available for free under the Apache license so that everyone can use, study, share and improve it. The project frequently adds new features. Website: http://www.binaryanalysis.org

Code Janitor Tool: The Code Janitor is a tool released by the Linux Foundation that helps to search source code to make sure that developers did not leave comments that might reveal future products, product code names or discuss competitors and their products. It maintains a database of keywords to scan for, and can be customized as necessary. It is available without charge. Website: http://www.linuxfoundation.org/programs/legal/compliance/tools

Dependency Checker Tool: The Dependency Checker is a tool released by the Linux Foundation that helps identify source code combinations that will lead to dynamic and static linking, and in the context of a license policy framework can create a list of items that need to be flagged before products are released. Website: http://www.linuxfoundation.org/programs/legal/compliance/tools

FOSSology: FOSSology started as an internal project at HP to support governance processes. It is a tool that analyses all the files in a project and reports on the licenses used, basing its results on license declarations and tell-tale phrases. It also has the ability to scan for copyright notices, email addresses and URLs, allowing users to create custom reports. The project is hosted by the Linux Foundation, is available as Free Software, and is maintained in both English and German by developers from HP and other organizations. Website: http://fossology.org

Ninka: Ninka is a lightweight license identification tool for source code. It is sentence-based, and provides a simple way to identify open source licenses in a source code file. It is capable of identifying several dozen different licenses (and their variations). It has been designed to be lightweight, fast and to avoid making errors. It is available under a Free Software license. Website: http://ninka.turingmachine.org

OSS Discovery: OSS Discovery is a Free Software tool that helps scan for software inside a business network. It searches for both source code and binary instances of software, and is intended to help create an inventory of deployed applications across servers and desktops. Website: http://www.openlogic.com/products/scanners.php#oss-discovery

Black Duck Suite: The Black Duck Suite helps companies automate the management, governance and use of Free Software. It consists of various commercial products, including the Black Duck Code Center, Export and Protex. The Code Center supports the selection of Free Software components, as well as the ongoing monitoring of the components in use. Protex and Export assist with the validation of code before deployment. The tools are powered by the Black Duck KnowledgeBase, which includes over 230,000 projects from more than 4,500 sites. Website: http://www.blackducksoftware.com/black-duck-suite

OSS Deep Discovery: OSS Deep Discovery scans source and binary code to identify Free Software, even when the code in question has been copied or modified. It uses noise-reduction techniques to reduce false positives, and reduces the amount of time and personnel resources required to analyse scan results. It is targeted towards product distribution and M&A activities in the enterprise market. Website: http://www.openlogic.com/products/scanners.php#oss-deep-discovery

Palamida Application Security Compliance Edition: Palamida Compliance Edition is an application security solution designed to help companies manage Free Software license obligations. It identifies, assesses, and manages Free Software obligations in customized code with a focus on risk management. Website: http://www.palamida.com/products/complianceedition

Protecode System 4: Protecode System 4 scans code to analyze Free Software licenses according to customized policies. It is designed to fit into existing processes and provide a simple way to understand what is in an enterprise code portfolio. While having a small footprint, it is designed to scale into organizations with up to 20,000 developers, and works in conjunction with the Protecode IP Signatures Database to monitor 450,000 public software projects. Website: http://www.protecode.com/system4overview.php

FOSS Governance Fundamentals https://fossbazaar.org/openSourceGovernanceFundamentals

FOSS Policies and Guidelines https://fossbazaar.org/content/foss-policies-and-guidelines

A Practical Guide to GPL Compliance http://softwarefreedom.org/resources/2008/compliance-guide.html

Maintaining Permissive-Licensed Files in a GPL-Licensed Project: Guidelines for Developers http://softwarefreedom.org/resources/2007/gpl-non-gpl-collaboration.html

Useful Compliance Tips For Vendors http://fsfe.org/projects/ftf/useful-tips-for-vendors

Reporting and Fixing License Violations http://fsfe.org/projects/ftf/reporting-fixing-violations

Created by Joseph Potvin on 2014/06/16 13:11
    

This wiki is licensed under a Creative Commons 2.0 license