• Overview
• Curriculum
• Instructor

Course Overview

This 6-hour instructor-led course provides a practical and comprehensive introduction to Free and Open Source Software (FOSS) Compliance. It covers the fundamentals of FOSS, including key license types (permissive, copyleft), legal obligations, and license compatibility. Participants will learn how to build and manage a FOSS compliance program, including policy development, documentation, and the use of Software Composition Analysis (SCA) tools. The course also explores Software Bills of Materials (SBOMs) their generation, validation, and role in compliance and security. Additional topics include managing vulnerabilities, aligning with regulations and standards like ISO/IEC 5230 and Executive Order 14028, and addressing supply chain risks. The training concludes with an introduction to advanced areas such as FOSS in AI/ML, DevSecOps, and emerging compliance tools, equipping learners with the knowledge to support robust and secure open source practices.

 

Curriculum

• 7 Sections
• 27 Lessons
• 6 Hours

 

• • Session 1 (30 minutes):
    Introduction to FOSS
    4
    • 1.1
      What is FOSS?
    • 1.1
      Need for FOSS
    • 1.1
      Risks associated with FOSS
    • 1.1
      Popular projects & brief history of FOSS

• • Session 2 (45 minutes):
    FOSS Licenses: Types & Obligations
    3
    • 1.1
      Key License Categories (Permissive & Copyleft)
    • 1.1
      In-depth discussion on a few licenses
    • 1.1
      Important Obligations

• • Session 3 (45 minutes):
    FOSS Licenses: Compatibility & Other Types
    4
    • 1.1
      Mixing open source licenses
    • 1.1
      Linking, aggregation, and derivative works
    • 1.1
      Dual and Multi License
    • 1.1
      Source Available License

• • Session 4 (1 hour):
    FOSS Compliance Management Process
    4
    • 1.1
      Understanding Policy & Process
    • 1.1
      Documentation Requirements (Modification, Attribution, Notices, etc.)
    • 1.1
      Use of Software Composition Analysis (SCA) tools & Shift-left approach
    • 1.1
      Compliance Lifecycle

• • Session 5 (1 hour):
    Software Bill of Material (SBOMs)
    4
    • 1.1
      What are SBOMs?
    • 1.1
      Types of SBOMs
    • 1.1
      Generating & Validating a SBOM
    • 1.1
      How SBOMs aid in compliance

• • Session 6 (1 minutes):
    Holistic Compliance Approach
    5
    • 1.1
      How Open Source Program Office helps
    • 1.1
      Security Vulnerabilities (CVEs, CVSS, KEV, EPSS, etc.)
    • 1.1
      Operational risk with Open source
    • 1.1
      Sync with other regulations & Standards
    • 1.1
      Vendor/Supply Chain Risk Management

• • Session 7 (1 hour):
    SecTitle
    4
    • 1.1
      FOSS in AI/ML
    • 1.1
      DevSecOps
    • 1.1
      Emerging tools & Trends
    • 1.1
      ASPPM

Prashant Singh Baghel
Prashant has extensive experience of 9+ years helping clients implement open source software license compliance and governance programs.

Prashant experience includes analyzing existing open source compliance processes and evolving them in line with ISO 5230 Open Chain standard. Help organizations create robust open source software policies and categorizing open source licenses based on their environment. He has worked on multiple open source audits to identify security, licensing and operational risks.

Featured Review

The ITAM India course on FOSS license compliance, helmed by Prashant Singh Baghel, is truly exceptional and comprehensive. It covers every aspect of open source compliance with clarity and depth, blending practical examples with expert guidance. I now feel confident managing FOSS obligations and ensuring compliance for my organization.