Hopefully a good thing.
Haislmaier argued that the BusyBox situation with the SFLC filing legal suits is not a necessary thing but it is hopefully a good thing.
"The BusyBox cases represent what could play out to be major evolution in the open source license enforcement landscape -- with enforcement actions moving from the traditionally private enforcement actions brought by the FSF (Free Software Foundation) and others to far more public lawsuits," Haislmaier explained. "I think everybody hopes that open source compliance practices will evolve as well. I tell clients that the BusyBox lawsuits are not as much a cause for concern as they are cause for compliance and understanding. "
The legal suits have also raised awareness about open source license compliance and may well be a boon to those business that help ensure that organizations stay in line.
"These law suits have certainly increased awareness among all software developers that the SFLC and their client the FSF are serious about enforcing their copyrights," Black Duck's Levin said.
Kim Weins VP of Marketing at OpenLogic noted that her firm has had prospects and customers come to them because they have had legal actions against them in the past or because they are concerned about potential risks.
Haislmaier's business is also benefitting from the BusyBox suits.
"If nothing else, the suits are generating increased interest in the potential risks posed by using open source," Haislmaier said. "I have been asked for years by clients and colleagues, "Why should I care about open source compliance?" The BusyBox lawsuits have helped to drive home the answer to that question for a number of companies."
Haislmaier argued that with the GPL itself the problem of compliance isn't so much about awareness of the requirement but rather an awareness of the extent to which those requirements may apply.
"While there are a number of companies that have implemented very robust open source compliance programs, many more have not," Haislmaier said. "This means not only that these companies are at increased risk of an open source violation, but that the recipients of any of their products containing open source are also at increased risk, many times unknowingly. This is the case in more than one of the BusyBox cases. If the BusyBox lawsuits have demonstrated one thing it is that remaining ignorant of existing open source software usage and potential open source software license violations can be expensive."
What if the SFLC knocks on your door?
If the SFLC contacts your company and alleges that you've got a GPL violation, Palamida's Bui suggests that you do the right thing and comply with the license.
"If the license is not in line with your business needs, find alternative software with license terms that are in line with your business needs," Bui said.
Black Duck's Levin suggest that you contact a lawyer or law firm that has a lot of open source, and specifically GPL, experience.
"Your lawyer may recommend putting a software compliance management program in place and utilize Black Ducks protexIP to identify issues in the code base," Levin said. "The next steps depend on the situation and many other factors."
The key thing to do when contacted by the SFLC though is to do something and not just let the issue remain unchecked. Haislmaier noted that the time line in each of the BusyBox cases has evolved from initial contact by the SFLC regarding the alleged GPL violation through to the filing of a lawsuit at a very rapid pace.
"Unlike many of the private open source compliance actions carried out in the past by the FSF ,it would appear that the SFLC is willing to act quite aggressively on behalf of its clients in pushing their grievances," Haislmaier noted.
"Companies need to respond quickly and decisively to any informal complaints about violations of open source software licenses, whether by the SFLC or any other organization. Those that do not will likely increase their risk of being the subject of a lawsuit."
This article was first published on InternetNews.com.