February 23rd, 2017

New Open Source License Compatibility Company Debuts with a Bang

Finding compatibility issues in open source software is tedious and complex. Roblimo explains why organizations that look for compliance issues are a valuable asset to the FOSS community.

Roblimo’s Hideaway

When I heard about FOSSA, my first thought was, “Don’t Black Duck and Palamida already have the FOSS license compatibility thing pretty well sewed up? Do we really need another company doing it?”

This was, of course, the question I immediately asked FOSSA founder Kevin Wang. His answer, via email:

  • Auditing tools like Black Duck or Palamida work best for things like M&A and due diligence; they were designed for those use cases to work with large detail-rich scans, bundled with human review and expert services for one-off transactions (something we’re not focusing on).

    However, we see companies hit roadblocks when they try to integrate or scale this into an ongoing workflow. It’s unrealistic to do large-scale code audits in real-time development, especially as we’re using more OSS than ever before and making releases faster than ever before (many of our customers have tried!)

    So to make OSS compliance work for an ongoing workflow, we actually had to take a completely different approach. While we do scan code, we work on top of build and code analysis rather than a registry-based approach. Then, we layered a lot more capabilities to make the tool smarter, easier and faster — ultimately to the point where you can run it per-commit during development rather than when you can afford to run, say, a quarterly code audit.

    This piece goes a little bit more in depth on what we do on top of scanning capabilities, and our feature tour at should give a good overview of the workflow capabilities.

In the blog post Kevin links to in the preceding paragraph, he says, “Every time code is casually shared, it passes on a slew of unknown license and copyright responsibilities for every subsequent developer that uses or spreads the code. Today, developers have no easy way to see what’s inside the code they get. As more code is used/written/shared, legal obligations and risk cascade across the community. Even if your developers diligently avoid casual code sharing, they likely rely on code that doesn’t — and if they’re using a modern language/build system, their tools are automatically pulling in thousands of OSS libraries from casual developers.”

This is a good point. You don’t just need to know how the program you’re using is licensed, but about all the code and dependencies behind it (or hidden inside it). There are a lot of dubious snippets out there on code-sharing sites that may have been posted by employees somewhere who had no right to make them public. If so, and the hammer comes down on them, you don’t want it to come down on your company.

So code licensing compliance is a big deal, to the point where Kevin managed to raise seed capital of $2.2 million almost effortlessly from an impressive group of “angel” investors through world-famous Bain Capital. We have heard, from someone not authorized to tell us, that Kevin had more millions he could have had for the asking, but that he decided to take only the funding he thought he really needed, not all he could get.

Obviously, these people believe Kevin and FOSSA offer something his competitors don’t. For more about FOSSA, its investors, and what the company is up to, including some testimonials from current customers, check this press release.

Okay, (yawn) so this is yet another Silicon Valley company started by a guy so young that he’s only been legally able to buy beer for a year or two. This is true. But it’s also proof that some smart investors figure it’s worth investing in a company that will sink or swim along with FOSS acceptance, so FOSSA is part of a virtuous spiral wherein a new company wants to make it easier (and safer legally) for enterprises to use and write open source software, which will hopefully lead to more FOSS use and creation, which will lead to more companies supporting FOSS in one way or another, and so on… until hopefully, in a rosy future, virtually all computer tasks can be performed with nothing but FOSS.

This is still a bit of a dream, but it’s a good one. Meanwhile, we’ll check back with Kevin and FOSSA in a month or two and see how they’re doing. You always get nothing but optimism during a company’s initial PR blast (disclosure: masterminded in this case by my old friend Jill Ratkevic), so the time to really find out what’s going on with a company and the market it’s in is after things have had a chance to shake down, and reality has set in. That’s when we’ll interview Kevin for real.

Note to readers about free software video editing: I now have KDEnlive installed and running on Linux Mint, but the learning curve has turned out to be (let’s say)… substantial. I’ve managed to effortlessly ingest several MP4 clips, a few still images, and two MP3 audio files, which is a big deal compared to free software video editors only a few years ago. (Yay!) Now I need to scare up time to actually do some editing in KDEnlive!

Robin "Roblimo" Miller

Robin "Roblimo" Miller is a freelance writer and former editor-in-chief at Open Source Technology Group, the company that owned SourceForge, freshmeat,, NewsForge, ThinkGeek and Slashdot, and until recently served as a video editor at Slashdot. He also publishes the blog Robin ‘Roblimo’ Miller’s Personal Site. @robinAKAroblimo