Article overstates risks to enterprises

Posted Aug 8, 2008 0:51 UTC (Fri) by gdt (subscriber, #6284)
Parent article: The Pitfalls of Open Source Litigation (InternetNews.com)

Enterprises do two things with open source software: they use distributions and they write software for use in-house. The legal risk from either of those is small, as they are not the distributing party for either of those actions.

This minor legal risk does not justify the expensive measures that Peters suggests. One of the business benefits of open source software is its lack of related expenses. Expenses such as: "From the beginning you must audit your open source software... and you must track and audit usage".

There is a legal risk surrounding distribution: both in complying with the license and in the increased likelihood of detection of patent infringement. So all a typical enterprise need to do to comply with open source software licenses is to remind managers to contact the enterprise's legal affairs office if managers plan to distribute software or software-containing goods beyond the enterprise.

That software can then be inspected, and the related licenses adhered to. For open source licenses this isn't a huge cost, and is a burden which can be readily outsourced. Once this is done the risks attached to distributing open source software are no greater than the risks attached to distributing other software. In both cases a copyright or patent claim can halt distribution, with resulting business consequences.

Verizon's problem is two-fold. Firstly, the distribution of software-containing goods wasn't accompanied by the minor steps required for adherence to the GPL2 license. Secondly, when contacted about this Verizon's legal staff deliberately chose a high-risk strategy. The size of the claim should be seen in the light of this willing acceptance of legal risk, and there was a time when Verizon could have settled for a few tens of thousands of dollars, which is a trivial amount when compared to settlements from breaches of other software licenses.

Article overstates risks to enterprises

Posted Aug 8, 2008 11:32 UTC (Fri) by dps (guest, #5725) [Link] (1 responses)

While it is true that software can be examined it is almost certantly worth keeping track of
what code came from where (and what the relavent licence is). Attempting to deduce this
information after the fact can be very difficult and expensive.

What the article fails to state is that this applies with equal, if not more, force for
non-free components. Some commercial software comes with source code but requires royalities
if you distribue sofwtare containing it.

If you are writing GPLed software none of this matters. You can freely pull in bits at random
from other GPLed software as this only requires things you were going to do anyway.

FUD in the headline

Posted Aug 9, 2008 15:57 UTC (Sat) by dmarti (subscriber, #11625) [Link]

The FUD is the word "enterprises" in the headline. The companies getting sued are hardware vendors that bundle GPL software (ok, busybox) without complying with the license. This happens with all kinds of software -- MSFT sued 21 resellers for example.