
Microsoft's GPL Gaffe May Be Yours Too

Although Microsoft has been known to dabble in Open Source projects when it suits its business goals, the majority of the company's software is still proprietary and closed to public view. This includes the source to Windows and Office, of course, but it also includes most of the utilities and other support software that Microsoft makes.

Like many companies, Microsoft contracts out programming chores that aren't strategic. One of the utilities Microsoft handed to a contractor was the USB/DVD Download Tool. This utility was offered at the Microsoft online store so that customers who downloaded Windows 7 could easily install it using either a DVD or a bootable USB flash memory key. The problem? The contractors lifted parts of a GPL Open Source utility, ImageMaster, to make this closed-source tool.

Microsoft quickly removed the tool and acknowledged the issue, then pledged to release the source code to their tool, as required by ImageMaster's GPL license. In addition, they claimed they had conducted a review of all the other software in the Microsoft Store and found no further GPL violations. Yet there are lessons to be learned here for any large company.

If you work in a company that outsources its software development to an overseas company, is it possible that your company is unwittingly using projects built from GPL software? The GPL license requires that you publish your modified version, and many companies wouldn't want to do that at all. But who's to say your contractors don't filch large sections of GPL projects for your company's work? Do you conduct source code reviews of the finished projects to see if the code shows up in public repositories such as Google Code Search? If not, you might have someone knock on your company's door asking for a copy of your line-of-business app built on GPL code.

Looking at the risk-reward tradeoff from the contractor's perspective, there isn't much downside in the equation. It's easy to find code that solves a lot of common problems, or at least part of the problem, in places like Google Code Search. Using that code lets them complete the project in less time, which means they can bid a lower price and/or make a higher profit. If you do discover that there is GPL code in your project, what are you going to do, sue the contractor located halfway across the globe? Good luck with that.