Sourcing Linux

At the same time that open-source developers are being forced to ponder those issues, companies using open-source products may be reassessing their legal exposure. The implicit warning to Linux users when SCO recently offered to "hold harmless" companies that sign its Unix license--the terms have yet to be disclosed--is that businesses that don't sign are considered liable. In addition to code copying, SCO says some derivative works, contributed by IBM and others, violate its license agreements. IBM has denied any wrongdoing.

While software contracts sometimes include indemnification clauses that shield customers from potential legal action, such clauses are uncommon with Linux. That, too, must change, say some observers. "Indemnification should not be limited to a particular operating system or software environment," Yankee Group analyst Laura DiDio says.

Roger Gariepy, chief technologist and architect with Air Products and Chemicals Inc., which is testing a Linux cluster, calls legal protection "a significant item for the open-source community to try to figure out."

Protecting The Process What can be done to avoid problems: Promote intellectual-property awareness among developers Have programmers commit in writing that their code is original Involve lawyers in vetting projects for potential problems Apply new tools, such as digital-rights management

Some potential problems do get screened before they surface in business environments. Red Hat stopped shipping an MP3 decoder with its operating system last year because of patent concerns. And commercial software companies aren't immune to intellectual-property claims--Microsoft last week forked over $26 million in licensing fees to settle a patent suit by Immersion Corp.

New tools could help prevent code from being illegally copied. For example, digital-rights-management technology might be applied to software-development processes, says Microsoft senior VP Eric Rudder. "There are probably some very interesting things for us to think about in how developers protect models, chunks of code, or specs," he says.

But before change comes to the open-source process, more participants will have to be convinced it's needed. "The open-source model doesn't have to change for corporate users," argues Scott McNeil, executive director of the Free Standards Group, a nonprofit organization that develops standards for the Linux operating system.

If anything, business-technology managers accustomed to dealing with commercial software companies need to adjust their thinking, says Mike Balma, HP's Linux business strategist. "Linux has different risks than a proprietary environment," Balma says. "If a company isn't willing to accept the risks, they have different options."

That includes paying SCO for its Unix license. Privately held agribusiness J.R. Simplot runs a combination of Linux and Windows operating systems on HP ProLiant servers in its data center. "If there winds up being some decree, and we have to pay $1,000 a pop for our Linux licenses, we'd pay it," says J.R. Simplot technology analyst Tony Adams. Linux is "worth something to us."