Wny Do You Need Open Source Audits



Posted: Monday, August 17, 2009

by Martin Knight
Source Auditor

There have been a number of court cases over the past 2 years, and it is starting to look like a trend!

Both the out of court settlements and the court determined settlements have been won by the plaintiffs, ie, the advocates of open source. The courts have ruled that the license obligations are valid and enforceable. Further, it appears that the original commercial software developer and the company that distributes this commercial software are equally liable for open source license violations.

Most of the settled cases have driven the appointment of an Open Source Compliance Officer. This is someone who is authorized inside the company to insure that the open source license obligations are, in fact, met. Creating such a post is something Gartner Group has recommended for some time, and it looks like the trend to create this type of position is gaining momentum.

So it is becoming official that companies using FOSSinside their commercial software should appoint an open source compliance officer to help create their open source policies and then enforce them.

-Verizon, the telecom provider, was sued by the Free Software Foundation. Busybox is licensed under GPL, and Verizon was accused of not honoring the GNU General Public License obligations and not making the Busybox software available to their customers. Actiontec Electronics is also paying an undisclosed sum to the FSF.

-Diebold, a maker of voting machines, was sued by Artifex, copyright owner of the Ghostscript open source package. Artifex has accused Diebold of incorporating Ghostscript into its commercial voting machines without honoring the terms of the General Public License.

-Skype, the maker of the phone conferencing software, was sued by GPL-Violations.org in a German court. The court found that Skype was guilty of not upholding the terms of the GPL. Skype was selling a third party VoIP phone from SMC Networks (the WSKP100) which used a version of Linux.

The complaint was that D-Link was distributing the DSM-G600 product which incorporated GPL licensed software and yet D-Link was not meetings its GNU General Public License obligations. The German court found that "D-Link is not entitled to dismiss GPL's legality on the one hand, while at the same time enjoying the use of code licensed under it." D-Link has signed a cease and desist agreement, published firmware on its site, and informed customers.

-Fortinet, a tiny maker of firewalls, was sued by GPL-Violations.org in a German court for distributing Linux without following the terms of the GNU General Public License. The court ruled against Fortinet, and Fortinet agreed to publish the code licensed under General Public License on its website and to inform it's customer base.

The suit alleged that Monsoon was distributing Busybox, which is licensed under GPL, inside its products, while not honoring the terms of the GNU General Public LIcense. Monsoon settled this out of court by agreeing to pay the FSFan undisclosed sum, while also publishing the GPL licensed code and informing its customer base.

The suit alleged that Xterasys Corporation was distributing Busybox, which is licensed under GPL, inside its products, while not honoring the terms of the GPL. Xterasys also agreed to appoint an Open Source Compliance Officer.

-High Gain Antennas, was sued by the Free Software Foundation. The suit alleged that High Gain Antennas was distributing Busybox, which is licensed under GPL, inside its products, while not honoring the terms of the GNU General Public License. High Gain Antennas settled this out of court by agreeing to pay the FSF an undisclosed sum, while also publishing the GPL licensed codeand letting its customers know. High Gain Antennas also agreed to appoint anOpen Source Compliance Officer.

Per the suit, Cisco had incorporated several GNU General Public License and LGPL licensed components including the GNU GCC and the GNU User Stack, both essential components of Linux, and Cisco has repeatedly failed to fulfill the GPL obligations which include disclosing that their products include GPL licensed code and offering to make that software freely available to customers. This suit was settled out of court, with Cisco agreeing to the usual conditions, ie, paying an undisclosed sum to the plaintiff and agreeing to honor the terms of the license while appointing an Open Source Compliance Officer.

Click here, to learn more about how to manage and trackopen source inside commercial software.

Source Auditor helps commercial software developers identify and track open source license obligations embedded inside their own code. To learn more about how to track open source inside your commercial software, and to reduce your legal risks, click on the link.
This Article has been viewed 162 times. (Not updated in real-time.)
No comments yet.
We want your comments! If you can read this, you don't have javascript enabled, so you can't use this comment system. Please enable javascript.