Navigating the Legal Risks of Open Source

A Software Freedom Law Center lawyer and other experts talk about what businesses and developers need to know about using open source.
(Page 1 of 3)

Microsoft is once again tormenting the open-source community. This time it’s not about the quality or price of its software, or source code issues. This time Microsoft has set its sights on Linux and other open-source projects, claiming that 235 Microsoft patents have been violated.

What’s the strategy here? Does Microsoft truly intend to collect royalties from everyone using the software in question, as it has been hinting? Or is this a counterpunch in response to GPL version 3, which itself seeks to counter some of Microsoft’s recent open-source moves? Or is this simply a strategy to boost the Microsoft-Novell relationship? Novell’s Linux Indemnification Program, after all, protects SUSE Enterprise Linux customers from IP challenges just like this.

IBM, Red Hat, and others offer similar indemnification programs, but part of the allure of open source in the enterprise is the ability to gather the applications you need from disparate sources. The vendor indemnification programs protect only the vendors’ distributed and supported projects.

It’s not surprising, then, that third parties have stepped in to offer broader protections.

OSRM Seeks to Fill Open Source Legal Void

Back in 2003, two events happened that got Daniel Egger thinking about the risks associated with open-source software. First, the SCO Group sued IBM, claiming that IBM had contributed SCO-owned portions of the UNIX source code to Linux. A number of other suits ensued, and while many of SCO’s claims have been dismissed, the court cases drag on.

At the same time, Egger was looking for his next technology venture. Egger had previously founded Libertech, a database search company, and with a law degree from Yale, the SCO suits caught his attention.

“I saw pretty quickly that their [SCO’s] case had little merit, but it pointed out a problem. They were wrong about specific facts, but they showed that there is a missing piece in intellectual property protection as it applies to open source,” Egger said.

Not long after that, another instance of open-source litigation came along. Broadcom, which supplied chips for Linksys WLAN routers, admitted it had used open-source code in its firmware. The Free Software Foundation pressured both Broadcom and Cisco, which had acquired Linksys, to open up those routers. Cisco eventually did, in a move that devalued its acquisition and allowed end users to access the code base. Many end users then souped-up the routers to create so-called “super routers, effectively undermining how Cisco could control these devices once distributed.

It’s not entirely fair to lump these two cases together. Most industry experts argue that the SCO cases have little merit, and so far court actions back this up. The Cisco case is more subtle. Linksys didn’t know it had open source at the core of its router, and Cisco certainly didn’t figure it was acquiring an open-source wireless provider. Cisco also didn’t bank on the fact that modifying those routers is considered perfectly appropriate under GPL; that’s part of the deal when you use open source.

This later example prompted Egger to found Open Source Risk Management (OSMR), a company that evaluates organizations’ open source obligations, while also providing indemnification to protect against SCO-style lawsuits.

Page 1 of 3

1 2 3
Next Page

0 Comments (click to add your comment)
Comment and Contribute


(Maximum characters: 1200). You have characters left.



IT Management Daily
Don't miss an article. Subscribe to our newsletter below.

By submitting your information, you agree that datamation.com may send you Datamation offers via email, phone and text message, as well as email offers about other products and services that Datamation believes may be of interest to you. Datamation will process your information in accordance with the Quinstreet Privacy Policy.