The Linux Foundation Open Compliance Program
https://compliance.linuxfoundation.org/
Free E-book: Practical GPL Compliance
Published by The Linux Foundation, Practical GPL Compliance is a compliance guide for startups, small businesses, and engineers, particularly focused on complying with the versions of the GNU General Public License (GPL). Its goal is to provide practical information and quickly address common issues.
https://www.linuxfoundation.org/news-media/research/practical-gpl-compliance
OpenChain
OpenChain identifies common best practices in open source compliance that should be applied as a standard across a supply chain
https://openchainproject.org
OpenChain Curriculum
The OpenChain Curriculum help organizations meet the training and process requirements of the OpenChain Specification. It is also a general open source training and – because of its public domain licensing – you can re-use it for internal or external purposes without any restrictions.
https://wiki.linuxfoundation.org/openchain/curriculum
Free Training: Compliance Basics for Developers
A free open source compliance course from the Linux Foundation targeted for developers.
https://training.linuxfoundation.org/linux-courses/open-source-compliance-courses/compliance-basics-for-developers
Software Package Data Exchange® (SPDX)
SPDX is a set of standard format for communicating the components, licenses and copyrights of software packages.
https://spdx.org/
Self-Assessment Checklist
The Linux Foundation has compiled this extensive checklist of compliance practices found in industry leading compliance programs. Companies can use this checklist as a confidential internal tool to assess their progress in implementing a rigorous compliance process and to help them prioritize process improvement efforts.
https://go.linuxfoundation.org/self-assessment-checklist
TODO Group
TODO is an open group of companies that collaborate on practices, tools, and other ways to run successful and effective open source programs.
http://todogroup.org/
Using Open Source
This enterprise guide by The Linux Foundation offers practical guidance on using open source software in a legal and responsible way.
https://www.linuxfoundation.org/resources/open-source-guides/using-open-source-code/
A Template for Approval Request Form For The Use of Free and Open Source Software
This document is part of the free resources made available by The Linux Foundation Open Compliance Program. It offers a template for the Approval Request Form used by developers to request approval to use Free and Open Source Software (FOSS) in a commercial product. The company’s Open Source Review Board (OSRB) reviews the submission and determines approval. In most cases, the submission, review and approval of such requests is managed via an online system that is part of the company’s FOSS compliance management process.
https://www.linuxfoundation.org/events/a-template-for-approval-request-form-for-the-use-offree-and-open-source-software/
Generic FOSS Policy
Companies using FOSS often create a company-wide policy to ensure that all staff is informed of how to use FOSS (especially in products), to maximize the impact and benefit of using FOSS, and to ensure that any technical, legal, or business risks resulting from that usage are properly mitigated. This document is a free resource available from the Linux Foundation under the Open Compliance Program. It offers a generic FOSS policy that companies can use as starting point in creating their own FOSS policy. It provides a template policy that focuses on governing FOSS usage in externally distributed products and that can be customized to the company’s specific needs.
https://wiki.linuxfoundation.org/_media/openchain/lf_compliance_generic_foss_policy.pdf