Thursday, December 24, 2009

Sink or swim with the GPL (GNU General Public License)

Here's a headline you might find interesting:
New York, NY, December 14, 2009//Best Buy, Samsung, Westinghouse, and JVC are among the 14 consumer electronics companies named in a copyright infringement lawsuit filed today in New York by the Software Freedom Law Center (SFLC).

(Here's the URL for the full article: http://www.softwarefreedom.org/news/2009/dec/14/busybox-gpl-lawsuit/ )

The full list of companies being sued is Best Buy, Samsung, Westinghouse, JVC, Western Digital, Robert Bosch, Phoebe Micro, Humax USA, Comtrend, Dobbs-Stanford, Versa Technology, Zyxel Communications, Astak, and GCI Technologies.  This is similar to GPL violation lawsuits brought against Cisco, Verizon and a number of smaller companies like Super Micro, Extreme Networks, Bell Microproducts, High Gain Antennas, Xterasys, and Monsoon Media among others.

The newest lawsuit is because those companies are illegally using BusyBox.  BusyBox is a super useful program (released under the GPL, of course), which is an embedded-Linux Swiss army knife, providing many functions that would otherwise require dozens or hundreds of binaries.  It's a life-saver for an embedded developer, but it, or any other GPL software including Linux itself, can be an iceberg to your company if you aren't fully aware of the restrictions that the GPL imposes.

I've boiled this down to some simple principles.  (But as they say, I'm not a lawyer, I just play one on T.V., so please consult your own legal experts!)

FOR ENGINEERS:
  • If you are using open source software, make sure your management and your legal department know about it.  They may be blissfully unaware, but ignorance unfortunately does not stand up in court.  The life of your company and your own livelihood can be on the line if your company is sued, and even out-of-court settlements can bankrupt a company.  Your company's management needs to assess the risk and put a mitigation strategy in place in case your product is discovered to contain open source and your company is not upholding the conditions of the license.
  • If you are not using open source software, help your management team by providing adequate information to explain why you chose a proprietary software solution.  They will need to justify the costs required to purchase that software, and avoidance of GPL compliance measures can be one of those factors.  Companies are always in pursuit of the lowest cost, and free sometimes is too difficult a temptation to avoid.  What is often not realized is that open source is not free--there is a cost required in compliance with open source licensing, and that cost is rarely factored into the total cost of ownership.
FOR LEGAL:
  • Understand what the GPL means for your company, and be familiar with the restrictions and obligations that it imposes on your product development.  One of the primary things to understand is that the GPL requires you to provide and publish your source code, which can be a detriment to protecting your company's intellectual property.
  • Look into purchasing software management products from companies such as Black Duck Software, which can identify the origin of source code throughout your source tree.  Black Duck provides an easy way to prove that your software is conformant, and if not, it gives you a quick way to find out what is required to make it conformant.
FOR MANAGEMENT:
  • If you are using open source, you should employ a conformance officer, who has enough technical skill to understand the engineering aspects of software development, as well as enough understanding of legalese to communicate effectively with your legal department.  This person's responsibility is to make sure that all code that's used in your products has a known origin, that all of the many software licenses in your product are collected, managed, and tracked, and that your company is doing what is necessary to be compliant with those licenses.  For the GPL this basically means contributing all your software changes back to the open source community and providing your software's source code free for download or included with the product.  Other licenses may have more strict or more lenient requirements.
  • Encourage your engineering staff to fully disclose the origin of software they are using that they did not write, and make sure you enable the controls and processes needed to track software origination and licensing terms.
  • Understand that there is a hidden cost associated with the GPL in addition to the loss of intellectual property.  Publishing or distributing your software, or making the source for your software available, whether that is through email, website, or CDs, and tracking your conformance are all extra burdens on an organization.  Weigh that cost when evaluating software whose terms look "too good to be true" on price alone, to understand if they really are as beneficial as they look at first glance.
One final piece of advice to everyone: realize that even if you are a small company, this does not make you any less of a target or an example in a GPL conformance lawsuit.

Now that you've got the basics, you can take a safe swim through the open source sea.  Just don't forget to keep an eye out for the crocs!
