Short answer
The OSPO provides a structured training program: a mandatory e-learning module for all engineers, advanced workshops, and sponsored Linux Foundation certifications (LFC191, LFC193) for key contributors. Monthly Office Hours sessions complement the curriculum.
Detailed explanation
Training program overview
The OSS training program is organized into three levels, accessible based on role and degree of involvement in the organization’s open source activities.
Level 1 — Foundations (mandatory for all engineers)
Module: OSS Foundations (e-learning, ~2 hours, available on [internal platform])
This module covers:
- What open source is and why it is strategically important for the organization.
- The main license families (permissive, copyleft) and their obligations.
- Our internal policy: how to use an OSS component, how to register a dependency in the SCA tool.
- What not to do: contributing without authorization, mixing incompatible licenses, ignoring CVEs.
To be completed within 30 days of joining, with an annual refresher.
Level 2 — Advanced workshops (on registration)
| Workshop | Target audience | Duration | Frequency |
|---|---|---|---|
| License Compliance Workshop | Developers, tech leads, product managers | Half day | Quarterly |
| Community Governance Masterclass | Maintainers of internal OSS projects, OSPO Champions | Full day | Bi-annual |
| Contribution Best Practices | Developers wishing to contribute to external projects | 2 hours | Monthly |
| SCA & SBOM Hands-on | DevOps, security engineers | Half day | Quarterly |
Level 3 — Linux Foundation certifications (sponsored)
The organization sponsors Linux Foundation certifications for active OSS contributors and OSPO members.
LFC191 — Open Source Licensing Basics for Software Developers
- Goal: understand why and how to add licenses and copyrights to code; know the obligations of common OSS licenses.
- Audience: all developers using or contributing to open source.
- Format: free, self-paced e-learning.
- Link: training.linuxfoundation.org/training/compliance-basics-for-developers
LFC193 — Introduction to Open Source License Compliance Management
- Goal: learn how to assess the organization’s compliance status and build a formal compliance program.
- Audience: project managers, tech leads, architects, OSPO members.
- Recommended prerequisite: LFC191.
- Format: self-paced e-learning, aligned with OpenChain ISO/IEC 5230:2020.
- Link: training.linuxfoundation.org/training/lfc193
LFC194 — Implementing Open Source License Compliance Management (advanced)
- Goal: structure and implement a complete OSS compliance management system.
- Audience: OSPO, Legal, security leads.
To request certification sponsorship, contact the OSPO via [internal form / link].
Regular sessions — OSPO Office Hours
Every month, the OSPO hosts open sessions (30–60 min) for everyone to:
- Get answers to questions about licenses, contributions, and processes.
- Stay current on OSS news (major new CVEs, license changes, ecosystem updates).
- Hear experience reports from internal contributors.
Schedule and connection link available on [internal channel / shared calendar].
Additional resources
| Resource | Description | Link |
|---|---|---|
| Linux Foundation Training | Full OSS training catalog | training.linuxfoundation.org |
| OpenChain Project | ISO standard for OSS compliance | openchainproject.org |
| FINOS Open Source Readiness | Sector framework (finance) | osr.finos.org |
| TODO Group Guides | Practical OSPO guides | todogroup.org/guides |
Common pitfalls
- Treating the foundational training as optional — license non-compliance can expose the organization to litigation; training is a prerequisite, not a bonus.
- Not staying up to date — licenses evolve and new models emerge (SSPL, BSL). The annual refresher is essential.
- Handling edge cases without the OSPO — training provides the general framework; complex situations must always be escalated to the OSPO.