Feeds

Management 'scared' by open source

Suits petrified of covert open-source developers

Providing a secure and efficient Helpdesk

EclipseCon Fear is stalking the corridors of corporate power, as executives sweat over the legal exposure caused by developers using open source software.

And the suits are resorting to play-it-safe legal advice and draconian management techniques in a vain attempt to stop open source crossing their frontier. Tactics include blocking popular sites like SourceForge and banning use of USB drives.

And, such is the hysteria, some business mergers have nearly come undone over the acquirees' use of open source.

In all, developers attending this week's EclipseCon must have had their darkest fears - that senior management is out of touch with the development shop floor - confirmed during a lively panel discussion on intellectual property issues and the risks of blending commercial and open source software.

Attending the panel were IBM, BEA Systems, OpenLogic, Black Duck, and Palamida. Yes, you could call this a case of predictable vendor scaremongering to drum up new business, but don't forget some well known open source cases are already on record - Tivo, Linksys/Cisco, and Progress Software versus MySQL, anyone?

What's behind such shenanigans?

According to Palamida co-founder Jeff Luszcz a disconnect exists between managers who set corporate open source policies and developers supposed to follow them, but who end up covering their tracks to make it seem like they are not using open source. Developers, though, end up using open source because of its ubiquity and not using it "puts them at a competitive disadvantage because their competitors are".

An example of the disconnect? OpenLogic director of community and partner programs Stormy Peters, who outlined the measures taken by one company, said: "We had a customer with a policy of no open source. They ended up blocking SourceForge.net, but people started downloading at home on thumb drives. The company then started saying 'no thumb drives'. You can't keep this up!"

Another problem: the increasingly distributed nature of development makes bans impossible, as offshore teams and outsourcing partners employ open source.

Companies running open source also often make the mistake of thinking they are running a relatively benign, commercial-friendly license like BSD when they are actually using GPL, which has limitations on modification and distribution of code.

And that's a problem because 10 per cent of open source code leaks out of development and into final product, meaning companies really are potentially at risk from rightfully aggrieved software authors. In at least one case, an ISV paid a developer after its product shipped because it contained their GPL'd code.

With GPL 3.0 coming, things ain't going to get any easier - especially for Software as a Service (SaaS). Sit up and pay attention Silicon Valley.

SaaS providers should ensure any modified GPL'd software they use is not deliberately or inadvertently downloaded to the user as this could be considered distribution. "No one can make that call until there has been a court case. [Use] is at your own risk. I'd say be very sure you are not distributing that software," Peters said.

What's creating the confusion? Everyone's favorite: license proliferation. Yes, there might be 58 OSI-approved licenses, but there are also thousands of vanity licenses that vary by only tiny degrees - an interesting fact, given Eclipse created its own (OSI-approved) license that happens to be incompatible with the GPL.

Black Duck president and CEO Doug Levin blamed proliferation and general lack of knowledge among the very legal teams management relies on for creating extreme lock down policies. "That stems from attorneys not being fully educated about open source software. This has to change as more information becomes available." Peters agreed: "Open source has a lot of FUD associated with it...it should be a case of weighing up the risks and the reward."

Among the panel's recommendations: educating managers about open source and licenses, regularly reviewing processes, and monitoring donations to the community. ®

Providing a secure and efficient Helpdesk

More from The Register

next story
New 'Cosmos' browser surfs the net by TXT alone
No data plan? No WiFi? No worries ... except sluggish download speed
iOS 8 release: WebGL now runs everywhere. Hurrah for 3D graphics!
HTML 5's pretty neat ... when your browser supports it
Mathematica hits the Web
Wolfram embraces the cloud, promies private cloud cut of its number-cruncher
Mozilla shutters Labs, tells nobody it's been dead for five months
Staffer's blog reveals all as projects languish on GitHub
'People have forgotten just how late the first iPhone arrived ...'
Plus: 'Google's IDEALISM is an injudicious justification for inappropriate biz practices'
SUSE Linux owner Attachmate gobbled by Micro Focus for $2.3bn
Merger will lead to mainframe and COBOL powerhouse
iOS 8 Healthkit gets a bug SO Apple KILLS it. That's real healthcare!
Not fit for purpose on day of launch, says Cupertino
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.