Open Source - Dirty Code, Licenses and Open Source

 

July 01, 2006

CIO — Karen Copenhaver, a partner at law firm Choate, Hall & Stewart, tells a story about running a seminar for a large company. The goal of the seminar was to make it clear that software developers had a responsibility to abide by their company’s guidelines surrounding the use of open-source, free and other third-party code.

Copenhaver thought it went well. Then the development group’s manager came up to her and said, “You know, these fellows can’t get everything they need to get done every day and worry about all of this stuff.”

The manager’s words lie at the core of an issue that affects countless development departments around the globe today. Faced with shrunken budgets, tight deadlines, the fear of jobs being shipped off to the lowest bidder and expanding demands for ever-more-complicated software, programmers are tempted to grab bits, pieces and even large bites of code from various third-party sources in order to get things done more quickly.

The consequences of this (to be kind) borrowing can be anodyne; that is, no one ever notices the code, the product ships (either externally or internally), and life goes on. Or the consequences can be catastrophic. Dirty code, according to intellectual property lawyers, has led to expensive delays during many mergers and acquisitions. And thanks to the efforts of a single programmer—Linux kernel contributor Harald Welte—at least 100 companies have been forced either to remove or release as open-source various pieces of GPL code that they borrowed without properly complying with the license.

It doesn’t have to be this way. Companies can avoid problems resulting from the use of open-source code. Legal experts we spoke with offered numerous tips and tactics for maintaining the flexibility necessary to take advantage of this important tool in the software developer’s box while limiting the risk.

Assume You’ll Get Caught

Copy some code, change the variables, tweak the white space.... Who’ll ever know? Perhaps at one time there wasn’t much chance that anyone would identify code that had been illicitly lifted from someone else’s work. But times have changed. Source-code compliance tools from the likes of Black Duck and Palamida, which can scan millions of lines of code and compare them with huge databases of known software, allow companies to locate (and locate pretty quickly) previously created code—even if variable names and white space have been modified by the borrower.
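A minimal illustration of why renaming variables and adjusting white space does not hide copied code, added here as an example; it is not from the article and does not describe how Black Duck or Palamida are implemented. It assumes C-like input and uses a generic technique (token normalization plus hashed token windows); all function names and code samples are constructed.

```python
import hashlib
import re

# C keywords kept verbatim; every other identifier is treated as renameable.
KEYWORDS = {"int", "char", "void", "const", "for", "if", "else", "while", "return"}
COMMENT_RE = re.compile(r"//[^\n]*|/\*.*?\*/", re.S)
TOKEN_RE = re.compile(r"[A-Za-z_]\w*|\d+|\S")

def normalize(source):
    """Drop comments/whitespace; map identifiers to ID and numbers to NUM."""
    tokens = []
    for tok in TOKEN_RE.findall(COMMENT_RE.sub(" ", source)):
        if tok in KEYWORDS:
            tokens.append(tok)
        elif tok[0].isalpha() or tok[0] == "_":
            tokens.append("ID")
        elif tok.isdigit():
            tokens.append("NUM")
        else:
            tokens.append(tok)
    return tokens

def fingerprints(source, k=8):
    """Hash every window of k consecutive normalized tokens."""
    toks = normalize(source)
    return {hashlib.sha256(" ".join(toks[i:i + k]).encode()).hexdigest()
            for i in range(len(toks) - k + 1)}

def containment(candidate, known, k=8):
    """Fraction of the known code's fingerprints found in the candidate."""
    ref = fingerprints(known, k)
    return len(ref & fingerprints(candidate, k)) / len(ref) if ref else 0.0

# Constructed samples: KNOWN stands in for an entry in a database of known code.
KNOWN = """
int checksum(const char *buf, int len) {
    int sum = 0;  /* running value */
    for (int i = 0; i < len; i++) {
        sum = (sum * 31 + buf[i]) % 65521;
    }
    return sum;
}
"""
# Same logic with renamed variables and altered white space, inside other code.
COPIED = """
void log_init(void) { }
int hashBytes( const char *data,int n ){
  int acc=0;
  for(int j=0;j<n;j++){ acc=(acc*31+data[j])%65521; }
  return acc;
}
"""
UNRELATED = "int max(int a, int b) { if (a > b) return a; return b; }"

if __name__ == "__main__":
    print(containment(COPIED, KNOWN), containment(UNRELATED, KNOWN))
```

Because identifiers and literals collapse to placeholders before hashing, the renamed copy matches every fingerprint of the known function, while the unrelated function matches none.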

Black Duck’s client list has grown more than 300 percent during the past year and now includes 11 Fortune 500/Global 500 companies. Its hosted code assessment service, ProtexIP/OnDemand, has been downloaded by hundreds of companies and has been used in more than 140 merger and acquisition due diligence transactions totaling an estimated $9 billion, according to the company. Searches for suspicious code are becoming de rigueur during the due diligence surrounding mergers and acquisitions.

The culture surrounding open-source and free software has had an impact as well. Whistle-blowers have outed their employers over open-source code misuse. Some GPL violations have also been called to the attention of the world by interested users who notice suspiciously familiar behavior in commercial products. (For instance, network hardware maker Linksys, soon after its 2003 purchase by Cisco, was famously inspired to release the firmware to its WRT54G router when motivated users uncovered that pieces of the firmware were based on Linux.)
