McAfee Issues Warning Over 'Ambiguous' Open Source Licenses

McAfee warned that license terms governing open source software "may result in unanticipated obligations regarding our products."

Paul McDougall, Editor At Large, InformationWeek

January 3, 2008

McAfee frequently cautions other companies about the latest bugs and computer viruses, but the security software maker is now warning that its own business could be in jeopardy -- not from some form of malware but from the fact that its products rely heavily on open source software.

In its recently published annual report, McAfee warned investors that the "ambiguous" license terms governing the open source software it uses "may result in unanticipated obligations regarding our products."

"To the extent that we use 'open source' software, we face risks," McAfee warned.

McAfee said it's particularly troubling that the legality of terms included in the GNU General Public License -- the most widely used open source license -- has yet to be tested in court.

"Use of GPL software could subject certain portions of our proprietary software to the GPL requirements, which may have adverse effects on our sales of the products incorporating any such software," McAfee said in the report filed last month with the Securities and Exchange Commission.

Among other things, the GPL requires that manufacturers that use software governed by the license in their products distribute that software's source code to end users or customers.

Some manufacturers have voiced concerns that the requirement could leave important security or copyright protection features in their products open to tampering. DVR-maker TiVo, for example, last year warned investors that it may have to discontinue using open source software in its recorders due to concerns about the GPL.

McAfee's warning may have been prompted by the fact that the Software Freedom Law Center, an open source advocacy group, recently filed a series of lawsuits against alleged GPL violators.

In one of the suits, a pair of open source software developers last month reached a settlement with a tech vendor they claim violated the terms of the GPL.

The vendor, networking device manufacturer Xterasys, agreed to pay developers Erik Andersen and Rob Landley an undisclosed sum. It also agreed to comply with the GPL and appoint an internal "open source compliance officer."

The Software Freedom Law Center has filed three other lawsuits on behalf of Andersen and Landley claiming improper use of their software. One was settled, while the other two remain pending.

The most recent action is seen as a possible test case for the GPL as it was filed against telecom giant Verizon. Andersen and Landley claim that Verizon is using their BusyBox software in its FiOS broadband router without making the source code available to customers.

About the Author(s)

Paul McDougall

Editor At Large, InformationWeek

Paul McDougall is a former editor for InformationWeek.
