
Management 'scared' by open source

Suits petrified of covert open-source developers


EclipseCon Fear is stalking the corridors of corporate power, as executives sweat over the legal exposure caused by developers using open source software.

And the suits are resorting to play-it-safe legal advice and draconian management techniques in a vain attempt to stop open source crossing their frontier. Tactics include blocking popular sites like SourceForge and banning use of USB drives.

And, such is the hysteria, some business mergers have nearly come undone over the acquirees' use of open source.

In all, developers attending this week's EclipseCon must have had their darkest fears - that senior management is out of touch with the development shop floor - confirmed during a lively panel discussion on intellectual property issues and the risks of blending commercial and open source software.

Attending the panel were IBM, BEA Systems, OpenLogic, Black Duck, and Palamida. Yes, you could call this a case of predictable vendor scaremongering to drum up new business, but don't forget some well known open source cases are already on record - Tivo, Linksys/Cisco, and Progress Software versus MySQL, anyone?

What's behind such shenanigans?

According to Palamida co-founder Jeff Luszcz, a disconnect exists between the managers who set corporate open source policies and the developers supposed to follow them, who end up covering their tracks to make it seem like they are not using open source. Developers, though, end up using open source because of its ubiquity, and because not using it "puts them at a competitive disadvantage because their competitors are".

An example of the disconnect? OpenLogic director of community and partner programs Stormy Peters, who outlined the measures taken by one company, said: "We had a customer with a policy of no open source. They ended up blocking SourceForge.net, but people started downloading at home on thumb drives. The company then started saying 'no thumb drives'. You can't keep this up!"

Another problem: the increasingly distributed nature of development makes bans impossible, as offshore teams and outsourcing partners employ open source.

Companies running open source also often make the mistake of thinking they are running a relatively benign, commercial-friendly license like BSD when they are actually using GPL, which has limitations on modification and distribution of code.

And that's a problem because 10 per cent of open source code leaks out of development and into final product, meaning companies really are potentially at risk from rightfully aggrieved software authors. In at least one case, an ISV paid a developer after its product shipped because it contained their GPL'd code.

With GPL 3.0 coming, things ain't going to get any easier - especially for Software as a Service (SaaS). Sit up and pay attention Silicon Valley.

SaaS providers should ensure any modified GPL'd software they use is not deliberately or inadvertently downloaded to the user as this could be considered distribution. "No one can make that call until there has been a court case. [Use] is at your own risk. I'd say be very sure you are not distributing that software," Peters said.

What's creating the confusion? Everyone's favorite: license proliferation. Yes, there might be 58 OSI-approved licenses, but there are also thousands of vanity licenses that vary by only tiny degrees - an interesting fact, given Eclipse created its own (OSI-approved) license that happens to be incompatible with the GPL.

Black Duck president and CEO Doug Levin blamed extreme lockdown policies on proliferation and a general lack of knowledge among the very legal teams management relies on. "That stems from attorneys not being fully educated about open source software. This has to change as more information becomes available." Peters agreed: "Open source has a lot of FUD associated with it... it should be a case of weighing up the risks and the reward."

Among the panel's recommendations: educating managers about open source and licenses, regularly reviewing processes, and monitoring donations to the community. ®
