Download the authoritative guide: Cloud Computing 2018: Using the Cloud to Transform Your BusinessThe GPL open source license does not increase legal risk to companies that are governed by the Sarbanes-Oxley Act of 2002 (SOX), according to the Software Freedom Law Center (SFLC).
In fact, the GPL may well be on track to actually improving its applicability for usage concerning SOX compliance, thanks to proposed new additions in the draft of the GPL version 3 license.
Embedded software maker Wasabi Systems has alleged in a pair of whitepapers that violations of Linux's GPL license are, for public companies, violations of U.S. Securities Law, whether the executives of the violating company are aware of any violations.
The SFLC argues in a whitepaper called "Sarbanes-Oxley and the GPL: No Special Risk" that there is in fact no additional risk to SOX-regulated companies and that arguments on the contrary are "pure antiGPL FUD" (Fear.Uncertaintly.Doubt).
"The fact remains that no criminal charges on the basis of violating the SOX Act have ever been brought against a GPL user," Moglen stated.
The SFLC paper contends that for an enterprise that files Securities and Exchange Commission (SEC) reports, they don't necessarily have to disclose particulars of license usage in a filing if the usage of the license is deemed to be immaterial to the business.
The paper also notes that SOX-mandated companies bear the cost of compliance with SOX no matter what software licenses they use.
Potential violations of the GPL may well pose less financial risk than violations of proprietary software licenses.