Navigating the Legal Risks of Open Source

What’s the strategy here? Does Microsoft truly intend to collect royalties from everyone using the software in question, as it has been hinting? Or is this a counterpunch in response to GPL version 3, which itself seeks to counter some of Microsoft’s recent open-source moves? Or is this simply a strategy to boost the Microsoft-Novell relationship? Novell’s Linux Indemnification Program, after all, protects SUSE Enterprise Linux customers from IP challenges just like this.

IBM, Red Hat, and others offer similar indemnification programs, but part of the allure of open source in the enterprise is the ability to gather the applications you need from disparate sources. The vendor indemnification programs protect only the vendors’ distributed and supported projects.

It’s not surprising, then, that third parties have stepped in to offer broader protections.

OSRM Seeks to Fill Open Source Legal Void

Back in 2003, two events happened that got Daniel Egger thinking about the risks associated with open-source software. First, the SCO Group sued IBM, claiming that IBM had contributed SCO-owned portions of the UNIX source code to Linux. A number of other suits ensued, and while many of SCO’s claims have been dismissed, the court cases drag on.

At the same time, Egger was looking for his next technology venture. Egger had previously founded Libertech, a database search company, and with a law degree from Yale, the SCO suits caught his attention.

“I saw pretty quickly that their [SCO’s] case had little merit, but it pointed out a problem. They were wrong about specific facts, but they showed that there is a missing piece in intellectual property protection as it applies to open source,” Egger said.

Not long after that, another instance of open-source litigation came along. Broadcom, which supplied chips for Linksys WLAN routers, admitted it had used open-source code in its firmware. The Free Software Foundation pressured both Broadcom and Cisco, which had acquired Linksys, to open up those routers. Cisco eventually did, in a move that devalued its acquisition and allowed end users to access the code base. Many end users then souped-up the routers to create so-called “super routers, effectively undermining how Cisco could control these devices once distributed.

It’s not entirely fair to lump these two cases together. Most industry experts argue that the SCO cases have little merit, and so far court actions back this up. The Cisco case is more subtle. Linksys didn’t know it had open source at the core of its router, and Cisco certainly didn’t figure it was acquiring an open-source wireless provider. Cisco also didn’t bank on the fact that modifying those routers is considered perfectly appropriate under GPL; that’s part of the deal when you use open source.