Management 'scared' by open source

Suits petrified of covert open-source developers

EclipseCon Fear is stalking the corridors of corporate power, as executives sweat over the legal exposure caused by developers using open source software.

And the suits are resorting to play-it-safe legal advice and draconian management techniques in a vain attempt to stop open source crossing their frontier. Tactics include blocking popular sites like SourceForge and banning use of USB drives.

And, such is the hysteria, some business mergers have nearly come undone over the acquirees' use of open source.

In all, developers attending this week's EclipseCon must have had their darkest fears - that senior management is out of touch with the development shop floor - confirmed during a lively panel discussion on intellectual property issues and the risks of blending commercial and open source software.

Attending the panel were IBM, BEA Systems, OpenLogic, Black Duck, and Palamida. Yes, you could call this a case of predictable vendor scaremongering to drum up new business, but don't forget some well known open source cases are already on record - Tivo, Linksys/Cisco, and Progress Software versus MySQL, anyone?

What's behind such shenanigans?

According to Palamida co-founder Jeff Luszcz, a disconnect exists between the managers who set corporate open source policies and the developers who are supposed to follow them, but who end up covering their tracks to make it seem they are not using open source. Developers end up using open source because of its ubiquity, and not using it "puts them at a competitive disadvantage because their competitors are".

An example of the disconnect? OpenLogic director of community and partner programs Stormy Peters, who outlined the measures taken by one company, said: "We had a customer with a policy of no open source. They ended up blocking SourceForge.net, but people started downloading at home on thumb drives. The company then started saying 'no thumb drives'. You can't keep this up!"

Another problem: the increasingly distributed nature of development makes bans impossible, as offshore teams and outsourcing partners employ open source.

Companies running open source also often make the mistake of thinking they are running a relatively benign, commercial-friendly license like BSD when they are actually using GPL, which has limitations on modification and distribution of code.

And that's a problem because 10 per cent of open source code leaks out of development and into final product, meaning companies really are potentially at risk from rightfully aggrieved software authors. In at least one case, an ISV paid a developer after its product shipped because it contained their GPL'd code.

With GPL 3.0 coming, things ain't going to get any easier - especially for Software as a Service (SaaS). Sit up and pay attention Silicon Valley.

SaaS providers should ensure any modified GPL'd software they use is not deliberately or inadvertently downloaded to the user as this could be considered distribution. "No one can make that call until there has been a court case. [Use] is at your own risk. I'd say be very sure you are not distributing that software," Peters said.

What's creating the confusion? Everyone's favorite: license proliferation. Yes, there might be 58 OSI-approved licenses, but there are also thousands of vanity licenses that vary by only tiny degrees - an interesting fact, given Eclipse created its own (OSI-approved) license that happens to be incompatible with the GPL.

Black Duck president and CEO Doug Levin blamed proliferation, and a general lack of knowledge among the very legal teams management relies on, for creating extreme lockdown policies. "That stems from attorneys not being fully educated about open source software. This has to change as more information becomes available." Peters agreed: "Open source has a lot of FUD associated with it...it should be a case of weighing up the risks and the reward."

Among the panel's recommendations: educating managers about open source and licenses, regularly reviewing processes, and monitoring donations to the community. ®
