Open Source Compliance Trend


There have been a number of lawsuits over the past 2 years, and it is starting to look like a trend! Both the out of court settlements and the court determined settlements have favored the plaintiffs, ie, the advocates of open source. The courts have ruled that the license obligations are enforceable. Further, it appears that both the original commercial software developer and the company that buys and distributes the commercial software are equally liable, if the open source inside the commercial software comes with license obligations that are not fulfilled.
Most of the settlements have driven the appointment of an open source compliance officer. This is someone who is empowered in the corporation to insure that the open source license obligations are, in fact, met. This is something Gartner has recommended for some time, and it looks like the trend to create this type of post is gathering steam.
So it is becoming official, companies using open source inside their commercial software should appoint an open source compliance officer to help create the open source policies and then enforce them.
Details of the last 9 court cases is below:
-Verizon, the telecommunications giant, was sued by the Free Software Foundation. The suit alleged that Verizon was distributing Busybox in its FIOS wireless routers (which were made by Actiontec Electronics). Busybox is licensed under GPL, and Verizon was accused of not honoring the GPL obligations and not making the Busybox source code available to its customers. The suit was settled with Actiontec Electronics agreeing to 1) appoint an Open Source compliance officer 2) publishing the BusyBox source code on their website 3) informing all of their customers including Verizon of the obligations posed by the GPL license. Of course, Actiontec Electronics is also paying an undisclosed sum to the Free Software Foundation, similar to the last 3 lawsuits brought by the Free Software Foundation.
-Diebold, maker of voting machines, was sued by Artifex, copyright owner of the Ghostscript open source package. Artifex has accused Diebold of incorporating Ghostscript into its commercial voting machines without honoring the terms of the GPL.
-Skype, maker of the phone conferencing software, was sued by GPL-Violations.org in a German court. The court found that Skype was guilty of not upholding the terms of the GPL. Skype was distributing a third party VoIP phone from SMC Networks (the WSKP100) which used a version of Linux. Skype was found to not providing an adequate mechanism for the user to get an alternative copy of Linux. While the infraction is relatively minor, this ruling upheld the general principle that the provisions of the license are enforceable, and in this case, enforceable in Europe.
-D-Link, maker of various routers, was sued by GPL-Violations.org in a German court. The complaint was that D-Link was selling and distributing the DSM-G600 product which incorporated GPL licensed software and yet D-Link was not meetings its GPL license obligations. The German court found that “D-Link is not entitled to dismiss GPL’s legality on the one hand, while at the same time enjoying the use of code licensed under it.” D-Link has signed a cease and desist agreement, published firmware on its site, and informed customers. In addition, the court found D-Link liable for the expenses incurred by GPL-Violations.org.
-Fortinet, a small maker of firewalls, was sued by GPL-Violations.org in a German court for distributing Linux without following the terms of the GPL. The court ruled against Fortinet, and Fortinet agreed to publish the GPL licensed code on its website and to let customers know.
-Monsoon Media, was sued by the Free Software Foundation. The suit alleged that Monsoon was distributing Busybox, which is licensed under GPL, inside its products, while not honoring the terms of the GPL. Monsoon settled this out of court by agreeing to pay the Free Software Foundation an undisclosed sum, while also publishing the GPL licensed code and letting its customers know.
-Xterasys Corporation, was sued by the Free Software Foundation. The suit alleged that Xterasys Corporation was distributing Busybox, which is licensed under GPL, inside its products, while not honoring the terms of the GPL. Xterasys settled this out of court by agreeing to pay the Free Software Foundation an undisclosed sum, while also publishing the GPL licensed code and letting its customers know. Xterasys also agreed to create a post of Open Source Compliance Officer.
-High Gain Antennas, was sued by the Free Software Foundation. The suit alleged that High Gain Antennas was distributing Busybox, which is licensed under GPL, inside its products, while not honoring the terms of the GPL. High Gain Antennas settled this out of court by agreeing to pay the Free Software Foundation an undisclosed sum, while also publishing the GPL licensed code and letting its customers know. High Gain Antennas also agreed to create a post of Open Source Compliance Officer.
-Cisco, maker of the Linksys family of routers, was sued by the Free Software Foundation for copyright infringement. Per the suit, Cisco has incorporated several GPL and LGPL licensed components including the GNU GCC and the GNU User Stack, both essential components of Linux, and Cisco has repeatedly failed to fulfill the GPL obligations which include disclosing that their products include GPL licensed code and offering to make that code freely available to customers. This suit was settled out of court, with Cisco agreeing to the usual conditions, ie, paying an undisclosed sum to the plaintiff and agreeing to honor the terms of the license while appointing an open source compliance officer.
Comments are closed.