Government // Enterprise Architecture
Commentary
12/18/2007
10:42 AM
Paul McDougall
Paul McDougall
Commentary
Connect Directly
RSS
E-Mail
50%
50%

IT's Newest Title: 'Open Source Compliance Officer'

To a list that includes CIO and CTO you can now add, thanks to a legal settlement, 'OSCO'. And here's why your company might soon need to hire one.

To a list that includes CIO and CTO you can now add, thanks to a legal settlement, 'OSCO'. And here's why your company might soon need to hire one.The background: Two developers of open source software licensed under the GNU General Public License (GPL) earlier this year sued a tech vendor for using their product in a manner contrary to the license.

Specifically, Erik Andersen and Rob Landley claimed that networking hardware vendor Xterasys used their BusyBox software without providing its source code to end users, as the GPL requires.

(BusyBox is a set of tools that allows software to operate in resource-constrained environments -- like a small networking device, for example.)

On Monday, the Software Freedom Law Center -- an advocacy group that backed the lawsuit -- announced that Xterasys had reached a settlement with Andersen and Landley.

Among the terms: Xterasys will cease all binary distribution of BusyBox until the SFLC confirms that "it has published complete corresponding source code on its Web site," according to a statement released by SFLC. Xterasys also will make a cash payment, value undisclosed, to the developers.

But here's the real kicker. As part of the deal, "Xterasys has agreed to appoint an internal Open Source Compliance Officer to monitor and ensure GPL compliance." The OSCO's duties will include notifying "previous recipients of BusyBox from Xterasys of their rights under the GPL."

What's the message here for corporate IT departments? The SFLC is basically saying that if you use of open source software willy-nilly, and don't comply to the letter with the GPL, it will drag you into court and try its best to have a watchdog (watch penguin?) inserted into your operations.

That's a scary thought.

And it's probably going to make more than a few CIOs shudder, given that most Fortune 500 companies uses open source software in their data centers (think Linux or Apache) and many include it in the products they sell.

Indeed, the SFLC recently sued Verizon for using BusyBox in a router that's part of its FiOS broadband service. That case is still pending -- and could truly set a precedent given Verizon's size and legal resources.

If SFLC prevails, we might hear an announcement from the phone giant along the following lines: "Verizon is pleased [teeth gritted] to name as Chief Open Source Compliance Officer…"

The question is whether all this is good or bad for the open source software movement. It's possible that the SFLC's sudden litigiousness will scare off potential open source users. That's something Andersen and Landley might want to think about while counting their Xterasys money.

Comment  | 
Print  | 
More Insights
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - August 27, 2014
Who wins in cloud price wars? Short answer: not IT. Enterprises don't want bare-bones IaaS. Providers must focus on support, not undercutting rivals.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.