Open Source—Not Open Season

We have worked with many firms that have incorporated Open Source modules and applications into their commercial products. These have ranged from print drivers to more obscure technical components within security products. All of these uses can be compliant with the Open Source licensing and use standards, as long as the using companies comply with the letter of the law in their use.

Recent ruling

While we are not inclined to read most of what comes out of the U.S. appeals court, we do try to follow it for software cases. A recent opinion by the U.S. Court of Appeals for the Federal Circuit, JACOBSEN v. KATZER (and a company called Kamind), back in August should ring an alarm bell for many companies. The case was about copyright infringement by Kamind, a company creating software for the model train industry. They were apparently not complying with the open source “Artistic License” as set forth in the open source documentation, and the court concluded:

The clear language of the Artistic License creates conditions to protect the economic rights at issue in the granting of a public license. These conditions govern the rights to modify and distribute the computer programs and files included in the downloadable software package. The attribution and modification transparency requirements directly serve to drive traffic to the open source incubation page and to inform downstream users of the project, which is a significant economic goal of the copyright holder that the law will enforce.

A case in point is the embarrassing discovery, for Cisco, that soon after its 2003 purchase of Linksys, it was obligated to release the firmware to the venerable Linksys WRT54G router when motivated users uncovered that pieces of the firmware were based on Linux.

Resistance is futile

It seems clear that in order to use open source software in any type of product, the using body must be willing and committed to following the specific rules described in the documentation associated with that software. Further, independent observers scrutinize commercial products closely for the use (or misuse) of open source products. Don’t assume that because you’ve used only a very short string of open source code, it will not be found out.

Cover your assets

So what’s a company to do about the use of open source code either for company operations or within commercial products? Here’s a checklist of 10 things to look for:

| Item | Open Source Compliance Checklist Action Items | Check |
|------|-----------------------------------------------|-------|
| 1 | Define corporate guidelines for the use of open-source, free and other third-party code. Validate its legal status. | |
| 2 | Assess what specific open source code is used. | |
| 3 | Assess what specific free code is used. | |
| 4 | Assess what specific third-party code is used. | |
| 5 | Create an inventory system to manage the use of all types of code. | |
| 6 | Make sure the selection and use of open-source, free and other third-party code is properly gated and that the decision to use the product is not left up to individuals. Be careful to have an expedited process (decision within 24 hours) or else the process will be circumvented. | |
| 7 | Determine what must be done to comply with any "Artistic License" or rules governing use. | |
| 8 | Semi-annually run an inventory check to validate existing code and find new code. Consider the use of a tool such as source-code compliance applications from the likes of Black Duck and Palamida. | |
| 9 | Semi-annually determine if compliance standards are up to date. This may involve painfully trolling through open source websites for changes to compliance documents. | |
| 10 | Comply with your public obligations to post updated open source based upon the use policy of the particular code or application. | |
