Software licensed under the GPL open source license is considered to be Free
Software, but that doesn't mean it's free as in beer or that developers don't have
rights. As four cases in point, in 2007 the Software Freedom Law Center
(SFLC) filed legal suits against four different defendants for alleged
infringement of BusyBox's GPL-licensed code.
BusyBox is a collection of UNIX utilities that have been optimized for size and are most commonly used in embedded environments. BusyBox is licensed under the GPL, which is a reciprocal license and requires that users make the source code available to end users.
Will your company be next to get a call from the SFLC lawyers? Do you know
if you're using GPL licensed code in your organization properly?
Experts note that there are a number of different things that organizations
can do to protect themselves and to ensure that they are in compliance with
the GPL. There are also a few steps that organizations should take if the
SFLC or someone else alleges that they are in violation of the GPL.
One of the most obvious is to identify where you may have GPL-licensed code like BusyBox within your
infrastructure or developments. To that end, there are at least three
different tools available. OpenLogic offers a tool called OSS Discovery,
which can discover BusyBox as well as 900 other open source products.
Doug Levin, CEO of Black Duck, told InternetNews.com that
protexIP, Black Duck's flagship product, analyzes both source code and
binaries to identify GPL snippets, code segments, blocks and trees. The
reports produced identify the license violations and other issues. The
report, which Black Duck calls the Bill of Materials, can help engineers and
attorneys make decisions about the disposition of the code and code base,
license violations and other issues.
InternetNews Realtime IT News - Are You Violating BusyBox's GPL Code? http://www.internetnews.com/dev-news/article.php/3718161
Palamida is another vendor with a solution for license usage and
identification. Theresa Bui Friday, co-founder and VP of Marketing at
Palamida, said that Palamida software can point customers to the exact place in their code where there is an issue,
pointing out where BusyBox resides across their codebase, whether they
are using source code, binary files, or any other resources associated with
BusyBox.
"We should also point out that even when a component is embedded within
another component, we can flag it as an issue that should be reviewed," Bui told InternetNews.com.
From a legal point of view, a company's responsibility when it comes to open
source software usage is quite clear. Jason Haislmaier, an attorney with
Holme Roberts and Owen LLP, is right in the thick of things when it comes to
compliance. He is the attorney representing High-Gain Antennas, one of the
defendants in the BusyBox suits. Haislmaier prefaced his comments by
noting that he is not commenting specifically on that case.
"The bottom line is that companies need to understand their use of open
source software and make each use of open source a knowing and compliant
use," Haislmaier said. "This starts with implementing and maintaining an
open source compliance program to help understand when and where open source
is in use in your company so that you can take the proper steps to comply
with the open source licenses applicable to that software."
The reality is that until the BusyBox cases came along this year, it's
likely that many organizations were either not aware of their compliance
issues or simply did not take them seriously. The SFLC has filed legal suits
against Monsoon Multimedia, Xterasys, High-Gain Antennas and Verizon.
To date, only Monsoon and Xterasys have settled.