The GPL open source license does not increase legal risk to companies that are
governed by the Sarbanes-Oxley Act of 2002 (SOX), according to the Software
Freedom Law Center (SFLC).
In fact, the GPL may well be on track to actually
improving its applicability for usage concerning SOX compliance, thanks to
proposed new additions in the draft of the GPL version 3 license.
Embedded software maker Wasabi Systems has alleged in a pair of
whitepapers that violations of Linux’s GPL license are, for public companies, violations of U.S. Securities Law, whether the executives of the violating company are aware of any violations.
The SFLC argues in a whitepaper called “Sarbanes-Oxley and
the GPL: No Special Risk” that there is in fact no additional risk to SOX-regulated companies and that arguments on the contrary are “pure antiGPL FUD”
Eben Moglen, chair of the SFLC and one of the authors
of the GPL, wrote in a statement that there is no new need for concern for
users of GPL-licensed software.
“The fact remains that no criminal charges on the basis of violating the SOX
Act have ever been brought against a GPL user,” Moglen stated.
The SFLC paper contends that for an enterprise that files Securities
and Exchange Commission (SEC) reports, they don’t necessarily have to disclose
particulars of license usage in a filing if the usage of the license is
deemed to be immaterial to the business.
The paper also notes that SOX-mandated companies bear the cost of compliance with SOX no matter what
software licenses they use.
Potential violations of the GPL may well pose less financial risk than
violations of proprietary software licenses.