The International Herald Tribune publishes Robert Wiseman's article "Careful reading of licenses may be needed to avoid litigation when using open source." Excerpts with edits and my comments added:
Open-source components inside software products can be a potential "Deadly Room of Death that one may not like to have inside the product." At many software companies and other businesses, engineers frantically search their files for something they hope not to find: open-source components. The improper use of open-source components, in the worst-case scenario, could subject companies to costly litigation from parties like SCO Group of Lindon, Utah. SCO says it owns intellectual property in the Linux open-source operating system and has set off alarm bells in executive suites by suing International Business Machines and three other Linux-using companies over the past year. "It's almost like you've got to be a lawyer now to develop software," grumbled Jothy Rosenberg, chief executive and chief technical officer of Service Integrity, who this month ordered a 24-hour scanning of his company's Sift 3.5 software during a "code freeze" before its introduction. "In this day and age, anybody building a commercial piece of software has got to do this. It's like buying insurance on your building."
There are no hard numbers on how much U.S. businesses are spending to prevent themselves from possibly infringing on open-source licenses. While few say that the problem rises to the level of the "Y2K" problem - adapting numerous programs to display four-digit numbers for years after 1999 - many say it has become pressing and costly. Some liken it to the Sarbanes-Oxley financial reporting requirements that have rattled executives at publicly traded companies. And the problems are related, in that Sarbanes-Oxley requires public companies to value their software and assess their litigation risks. Open-source software is freely available to use, distribute and modify, but it is subject to large and small restrictions set forth in dozens of open-source licenses. Some companies, like Avid Technology, which makes digital film editing machines, have sought to avoid license conflicts by banning open-source software. Others have persisted in using open-source code but have purchased scanning software or set up search engines to hunt for license conflicts they can resolve through proper identification or attribution. The most serious conflicts involve code covered by the so-called General Public License. Under that license, anyone who acquires and modifies open-source code must make their modified versions freely available to the public. Depending on how many files of code are covered and what is in them, such a requirement can sometimes be a major impediment for a proprietary software company. Among the scariest aspects of the problem is that many business executives do not know whether open-source code is in their software, or they mistakenly presume that they have none. Either way, they could be setting themselves up for a lawsuit.
Software developers working on "value-added" applications routinely borrow pieces of open-source code as building blocks for such functions as encryption, security or platform interfacing. Offshore programmers for American companies have become especially adept at grabbing lines of open-source code and mixing them with proprietary code in progress. "There are corporations that literally don't know what lurks in their code," said Douglas Levin of Black Duck, a start-up company. Black Duck developed its scanning software partly by assembling a giant repository of open-source code, employing a young team of "spiders" to sift through Web sites looking for open-source lines and patterns. A related article here highlights the potential for litigation in using open source. Law firms, consultants, software developers and technology service companies also are moving to capitalize on the jitters that have been spreading in the business world. Optaros, a consulting start-up, is offering to provide its clients with open-source audits, examining how they use the software and advising on licenses. Levin, president and chief executive of Black Duck Software, estimated that the market for all companies addressing open-source litigation risks could total $500 million by 2005. "There are a lot of challenges for companies working with open-source software, but they're manageable," is what some in the industry feel. "Open-source is here, and companies have to deal with it, just like you have to deal with snow in New England." Open-source has been around for two decades as a favorite tool of computer scientists and technology-minded college students, but it only recently has moved into the business world.
IBM's decision to support Linux in 1999, partly as a counterweight to the dominant Windows operating system sold by its rival, Microsoft, brought open-source software into corporate data centers where it has gained momentum among users of large servers, the machines that form the backbone of business computer networks. But the corporate love affair with open-source cooled in March 2003 when SCO sued IBM for more than $1 billion, alleging that it had introduced into Linux proprietary code misappropriated from SCO. And SCO has since sued DaimlerChrysler, AutoZone and Novell, the company that sold SCO the source code and patents from the Unix operating system that was a model for Linux. About 1,500 other Linux-using companies received warning letters from SCO. Businesses fear that SCO's flurry of lawsuits may be a sign of trouble to come. "What SCO has done is to throw down the gauntlet," Scott Nathan, a lawyer, said. "If SCO is successful, there are going to be copycats." Nuisance suits related to open-source could prove a worrisome distraction for companies that have belatedly embraced the technology as a cost-saving measure. "If you're Wal-Mart and you have embedded Linux in every cash register, you might be seen as a deep pocket" by litigious SCO copycats, said Thomas Carey, an attorney with the Boston law firm Bromberg & Sunstein. Interesting developments. Watch this space for related developments.