IT's Newest Title: 'Open Source Compliance Officer'

To a list that includes CIO and CTO you can now add, thanks to a legal settlement, 'OSCO'. And here's why your company might soon need to hire one.

Paul McDougall, Editor At Large, InformationWeek

December 18, 2007

2 Min Read

To a list that includes CIO and CTO you can now add, thanks to a legal settlement, 'OSCO'. And here's why your company might soon need to hire one.The background: Two developers of open source software licensed under the GNU General Public License (GPL) earlier this year sued a tech vendor for using their product in a manner contrary to the license.

Specifically, Erik Andersen and Rob Landley claimed that networking hardware vendor Xterasys used their BusyBox software without providing its source code to end users, as the GPL requires.

(BusyBox is a set of tools that allows software to operate in resource-constrained environments -- like a small networking device, for example.)

On Monday, the Software Freedom Law Center -- an advocacy group that backed the lawsuit -- announced that Xterasys had reached a settlement with Andersen and Landley.

Among the terms: Xterasys will cease all binary distribution of BusyBox until the SFLC confirms that "it has published complete corresponding source code on its Web site," according to a statement released by SFLC. Xterasys also will make a cash payment, value undisclosed, to the developers.

But here's the real kicker. As part of the deal, "Xterasys has agreed to appoint an internal Open Source Compliance Officer to monitor and ensure GPL compliance." The OSCO's duties will include notifying "previous recipients of BusyBox from Xterasys of their rights under the GPL."

What's the message here for corporate IT departments? The SFLC is basically saying that if you use of open source software willy-nilly, and don't comply to the letter with the GPL, it will drag you into court and try its best to have a watchdog (watch penguin?) inserted into your operations.

That's a scary thought.

And it's probably going to make more than a few CIOs shudder, given that most Fortune 500 companies uses open source software in their data centers (think Linux or Apache) and many include it in the products they sell.

Indeed, the SFLC recently sued Verizon for using BusyBox in a router that's part of its FiOS broadband service. That case is still pending -- and could truly set a precedent given Verizon's size and legal resources.

If SFLC prevails, we might hear an announcement from the phone giant along the following lines: "Verizon is pleased [teeth gritted] to name as Chief Open Source Compliance Officer…"

The question is whether all this is good or bad for the open source software movement. It's possible that the SFLC's sudden litigiousness will scare off potential open source users. That's something Andersen and Landley might want to think about while counting their Xterasys money.

About the Author(s)

Paul McDougall

Editor At Large, InformationWeek

Paul McDougall is a former editor for InformationWeek.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights