Monday, May 10, 2021

GPL 3 Good For SOX?

The GPL open source license does not increase legal risk to companies that are
governed by the Sarbanes-Oxley Act of 2002 (SOX), according to the Software
Freedom Law Center (SFLC).

In fact, the GPL may well be on track to improve its applicability to SOX
compliance, thanks to proposed new additions in the draft of the GPL version 3
license.

Embedded software maker Wasabi Systems has alleged in a pair of
whitepapers that violations of Linux’s GPL license are, for public companies, violations of U.S. securities law, whether or not the executives of the violating company are aware of any violations.

The SFLC argues in a whitepaper called “Sarbanes-Oxley and
the GPL: No Special Risk” that there is in fact no additional risk to SOX-regulated companies and that arguments to the contrary are “pure anti-GPL FUD”
(fear, uncertainty and doubt).

Eben Moglen, chair of the SFLC and one of the authors
of the GPL, wrote in a statement that there is no new need for concern for
users of GPL-licensed software.

“The fact remains that no criminal charges on the basis of violating the SOX
Act have ever been brought against a GPL user,” Moglen stated.

The SFLC paper contends that an enterprise that files Securities
and Exchange Commission (SEC) reports doesn’t necessarily have to disclose
particulars of license usage in a filing if the usage of the license is
deemed to be immaterial to the business.

The paper also notes that SOX-mandated companies bear the cost of compliance with SOX no matter what
software licenses they use.

Potential violations of the GPL may well pose less financial risk than
violations of proprietary software licenses.

This article was first published on InternetNews.com.
