Minding your P's and Q's with Open Source & IP Indemnification
On Friday, December 9th, the International Herald Tribune brought up some critical aspects of the appropriate uses of open source software which is ever more pressing as open source continues to go more main stream. Open source compliance continues to be difficult issue, often compounded by the large and varied range of licenses that governed the use of the software that may come with the kind of strings attached that you may not realize.
The following is a snap-shot story from IHT, highlights a well known violation of probably the most stringent of all open source licenses, GPL:
Harald Welte, a 26-year-old software developer in Berlin, was peeved in 2003 when he learned that a company in Irvine, California, was selling software that used Netfilter/iptables, a program he had created with five software developers in Australia, Japan, Canada and Germany.
The California company, Linksys, had failed to honor to a critical part of the General Public License, or GPL, the most common of about 90 open-source licenses in use today. Under the GPL, any product that includes a licensed program must publish its underlying source code, that is, the computer instructions as written in a programming language. To make matters worse, Linksys had just been bought for $500 million by Cisco Systems, the world's biggest maker of networking equipment.
After the Free Software Foundation, holder of the GPL license, wrote to Cisco and Linksys to criticize the license breach, Cisco published the source code of the Linksys product, thus giving credibility to the idea of enforcing open-source licenses and spawning new caution among sellers of software.
"This kind of infraction is not as uncommon as one might think," said Welte, whose efforts have also forced Deutsche Telekom, Siemens and smaller European software makers like Allnet, Sitecom and Fortinet, among 50 others, to publish source code because they were selling products based on his software. "Violations are getting more common all the time."
As result, software indemnification is becoming cannot be ignored by software house that uses one or more line of source code from the Open Source community. A recent article published on DataDirects developer site explains more about the risks incurred if you choose to ignore what you the sand approach, but critically, the article states the following:
"DataDirect provides legal indemnification and quality guarantees that provide customer protection and legal assurance."
Recently, this is going further and spawning new business models. The world renowned` insurance brokers Lloyd's of London who are typically more associated with shipping insurance is now offering open-source compliance insurance, particularly for companies doing M&A unpeeling the many layers of software dependencies is now a core part of due diligence. One only has to look at start ups such as Palamida underscore the increasing need for open source compliance.
So the watch-word is, proceed with caution. When looking to acquire software, look for intellectual property indemnification and most importantly an understanding from your software vendor that they understand the risks of using open source.
Jonathan Bruce is Program Manager at DataDirect Technologies. He has led and participated in four JSRs and enjoys helping Java and .NET developers take advantage of the benefits XQuery offers when working with XML and a variety of databases. Recently relocated from San Fransisco to North Carolina, Jonathan spends his weekends running, sailing, and traveling.