Companies are increasingly incorporating Free and Open-Source Software (FOSS) in their business operations. However, even the use of Free and Open-Source Software is governed by licensing agreements that must be followed. TÜV SÜD has developed a ground-breaking certification process based on the OpenChain specification, which enables companies to review their underlying processes and document their compliance with licensing agreements. Hitachi, Ltd. was the first company in the world to receive the new TÜV SÜD certificate.
Many companies are moving over to the use of Free and Open-Source Software (FOSS) for their business operations within the Internet of Things environment. This has the benefit that new software developments can be implemented at a significantly faster pace and at lower cost. An additional advantage for company developers is the speed at which source code is upgraded and updated by the community involved. “By choosing FOSS options, companies can benefit from this continuous development and have access to the latest software at all times”, explains Dr. Andreas Bärwald, Head of Software Solutions at TÜV SÜD Product Service GmbH. “This is critical where the safety and, even more crucially, the IT security of software applications is concerned.”
However, even FOSS is subject to rules governing the use, modification and redistribution of its original or modified source code. “These rules are set out in licensing agreements”, says Bärwald. Infringement of these agreements may incur drastic consequences including termination of user rights, prohibition of redistribution of modified versions and even compensation claims. Termination of user rights may have far-reaching impacts throughout the FOSS supply chain and cause long-term harm to the reputation of the software company involved.
End-to-end compliance verification
To prevent infringements of licensing agreements, companies must establish a suitable process for guaranteeing and verifying their compliance with the agreements. “This is no easy task, given that many companies are using increasing numbers of FOSS products from a variety of sources”, warns Andreas Bärwald. The TÜV SÜD expert predicts that verification of FOSS compliance will become a critical factor for the sale of FOSS-based products and for companies seeking to establish partnership-based collaboration. As Bärwald points out, “Trust in compliance with the rules is particularly crucial in this sector, whose driving and shaping force is collaborative advancement – in fact, the developer community as a whole.”
FOSS Licence Compliance
To simplify verification of compliance and enable a standardised process to be set up, TÜV SÜD developed the new “FOSS Licence Compliance” certification scheme. The scheme is based on the OpenChain 1.2 specification, now fully implemented. Using the requirements of the OpenChain project as a basis, TÜV SÜD’s experts drew up criteria for the quality, consistency and completeness of the FOSS supply chain. “The main focus is on ensuring that companies using FOSS are familiar with the software and its licensing agreements and are in a position to prevent potential licensing conflicts – or at least remedy them at an early stage where necessary”, says Andreas Bärwald. Establishment of appropriate infrastructure for integrated end-to-end FOSS compliance management is the foremost requirement. At Hitachi, Ltd., TÜV SÜD subjected the existing infrastructure and relevant processes to close examination. After successful completion of the procedure, Hitachi, Ltd. became the first company in the world to receive “FOSS Licence Compliance” certification.
For further information about the TÜV SÜD “FOSS Licence Compliance” certification or other services by TÜV SÜD in this area, visit our website at www.tuvsud.com/cps.
Picture caption: Presenting the certificate to Hitachi, Ltd. (l. to r.): Akihisa Ishikawa; General Manager, OSS Solution Center, Systems & Service Business Division, Hitachi Ltd. and Dr. Andreas Bärwald, Head of Software Solutions at TÜV SÜD Product Service GmbH.
Press-contact: Dirk Moser-Delarami
 OpenChain is a registered trademark of Linux Foundation.