Review and Approval

Review and Approval reviews the planned use of open source in products for distribution and, if mandated by company policy, in internal projects.


1. The organization subjects all open source use in products to review and defines what contextual changes in OSS use trigger re-approval activity.

2. The organization considers issues relevant to the use of a specific OSS package and version, e.g. bug fixes the community has made in subsequent versions, security vulnerabilities that have been identified in a specific package version, technology incorporated into the package that might be subject to export control regulations, etc.

3. An open source review board (OSRB) is used to review and approve planned uses of OSS in products for distribution.

   a) The OSRB is staffed with appropriately skilled and knowledgeable individuals.

   b) Appropriate resources are available for the interpretation of OSS licenses and definition of obligations to be satisfied.

   c) Sufficient staffing is provided to the OSRB to achieve turnaround time on submissions that supports product development cycles.

   d) OSRB procedures (inputs to a review, participants, review procedures, analysis procedures, decision outcomes, appeal and waiver procedures, etc.) are defined and documented.

   e) The OSRB considers and provides architectural guidelines and/or requirements for OSS inclusion in products to be distributed.

   f) The OSRB uses independent analysis methods to confirm the OSS content reported by teams when they submit an OSS use case for approval.

   g) Records of OSRB deliberations are maintained (cases, status, past decisions, requirements imposed on product teams, etc.) and used in future deliberations.

   h) The OSRB decides whether to approve the proposed OSS use and identifies obligations that must be satisfied, if any, and conditions that must be met, if any, before product distribution is approved.

4. The organization provides a definition and examples of the information that must be submitted to the OSRB for approval of OSS use.

   a) Proposed use of OSS includes a description of the architectural interfaces and dependencies between any OSS components and the rest of the system.

5. The OSRB communicates perspectives across business units to achieve a consistency of interpretation of license obligations and review practices.



