1/3/2008
11:51 AM

McAfee Issues Warning Over 'Ambiguous' Open Source Licenses

McAfee warned that license terms governing open source software "may result in unanticipated obligations regarding our products."

McAfee frequently cautions other companies about the latest bugs and computer viruses, but the security software maker is now warning that its own business could be in jeopardy -- not from some form of malware but from the fact that its products rely heavily on open source software.

In its recently published annual report, McAfee warned investors that the "ambiguous" license terms governing the open source software it uses "may result in unanticipated obligations regarding our products."

"To the extent that we use 'open source' software, we face risks," McAfee warned.

McAfee said it's particularly troubling that the legality of terms included in the GNU/General Public License -- the most widely used open source license -- has yet to be tested in court.

"Use of GPL software could subject certain portions of our proprietary software to the GPL requirements, which may have adverse effects on our sales of the products incorporating any such software," McAfee said in the report filed last month with the Securities and Exchange Commission.

Among other things, the GPL requires that manufacturers who use software governed by the license in their products distribute the software's source code to end users or customers.

Some manufacturers have voiced concerns that the requirement could leave important security or copyright protection features in their products open to tampering. DVR-maker TiVo, for example, last year warned investors that it may have to discontinue using open source software in its recorders due to concerns about the GPL.

McAfee's warning may have been prompted by the fact that the Software Freedom Law Center, an open source advocacy group, recently filed a series of lawsuits against alleged GPL violators.

In one of the suits, a pair of open source software developers last month reached a settlement with a tech vendor they claim violated the terms of the GPL.

The vendor, networking device manufacturer Xterasys, agreed to pay developers Erik Andersen and Rob Landley an undisclosed sum. It also agreed to comply with the GPL and appoint an internal "open source compliance officer."

The Software Freedom Law Center has filed three other lawsuits on behalf of Andersen and Landley claiming improper use of their software. One was settled, while the other two remain pending.

The most recent action is seen as a possible test case for the GPL as it was filed against telecom giant Verizon. Andersen and Landley claim that Verizon is using their BusyBox software in its FiOS broadband router without making the source code available to customers.
