Open Source - Dirty Code, Licenses and Open Source

Sat, July 01, 2006CIO Karen Copenhaver, a partner at law firm Choate, Hall & Stewart, tells a story about running a seminar for a large company. The goal of the seminar was to make it clear that software developers had a responsibility to abide by their company’s guidelines surrounding the use of open-source, free and other third-party code.

Copenhaver thought it went well. Then the development group’s manager came up to her and said, “You know, these fellows can’t get everything they need to get done every day and worry about all of this stuff.”

The manager’s words lie at the core of an issue that affects countless development departments around the globe today. Faced with shrunken budgets, tight deadlines, the fear of jobs being shipped off to the lowest bidder and expanding demands for ever-more-complicated software, programmers are tempted to grab bits, pieces and even large bites of code from various third-party sources in order to get things done more quickly.

The consequences of this (to be kind) borrowing can be anodyne; that is, no one ever notices the code, the product ships (either externally or internally), and life goes on. Or the consequences can be catastrophic. Dirty code, according to intellectual property lawyers, has led to expensive delays during many mergers and acquisitions. And thanks to the efforts of a single programmer—Linux kernel contributor Harald Welte—at least 100 companies have been forced either to remove or release as open-source various pieces of GPL code that they borrowed without properly complying with the license.

It doesn’t have to be this way. Companies can avoid problems resulting from the use of open-source code. Legal experts we spoke with offered numerous tips and tactics for maintaining the flexibility necessary to take advantage of this important tool in the software developer’s box while limiting the risk.

Assume You’ll Get Caught

Copy some code, change the variables, tweak the white space.... Who’ll ever know? Perhaps at one time there wasn’t much chance that anyone would identify code that had been illicitly lifted from someone else’s work. But times have changed. Source-code compliance tools from the likes of Black Duck and Palamida, which can scan millions of lines of code and compare them with huge databases of known software, allow companies to locate (and locate pretty quickly) previously created code—even if variable names and white space have been modified by the borrower.

Black Duck’s client list has grown more than 300 percent during the past year and now includes 11 Fortune 500/Global 500 companies. Its hosted code assessment service, ProtexIP/OnDemand, has been downloaded by hundreds of companies and has been used in more than 140 merger and acquisition due diligence transactions totaling an estimated $9 billion, according to the company. Searches for suspicious code are becoming de rigueur during the due diligence surrounding mergers and acquisitions. The culture surrounding open-source and free software has had an impact as well. Whistle-blowers have outed their employers over open-source code misuse. Some GPL violations have also been called to the attention of the world by interested users who notice suspiciously familiar behavior in commercial products. (For instance, network hardware maker Linksys, soon after its 2003 purchase by Cisco, was famously inspired to release the firmware to its WRT54G router when motivated users uncovered that pieces of the firmware were based on Linux.)


Loading...
Applications MarketSpace
Service Level Reporting and Communication
Service level reporting is the most visible output and often the most time-consuming activity in SLM. Learn more »
Lower IT Costs with Oracle Database 11g Release 2
Learn how upgrading to Oracle Database 11g Release 2 can transform your business, budgets, and service levels Learn more »
Managing Your SAP System
Learn how to more effectively manage your SAP system. Learn more »
 
SPONSORED LINKS
 

White Paper: 4 Customer Service Myths

White Paper: Improve Agility with Operational Responsiveness

Removing the Barriers to IT Governance: How On-Demand Software Changes the Game

Cloud Computing--Latest Buzzword or a Glimpse of the Future?

A Balanced Approach to an Application Development Platform

Adobe® LiveCycle®solutions for intuitive user experience

10 Ways Excel Drives More Value from Your SAP Investment

What's New in SOA Suite 11g?

Unleash the Power of Java with Oracle JRockit Real Time

SOA Best Practices and Design Patterns

Application Grid: Ideal Platform for IT Consolidation

Ready to virtualize tier one applications? Check your virtualization maturity.

Learn how to provide complete Business Service Management.

Increase ROI of Your Application Portfolio

See how AT&T can help protect your network.

Top Five CIO Challenges

Streamline IT Costs. Boost Performance with WAN Optimization.

Want to know how you can maximize employee productivity?

Build your 1st app FREE with Force.com

TDWI checklist helps define data readiness for analytics. Download report.

A new fleet of PCs with a total ROI in 10 months. Find your ROI.

eZine: A Roadmap to Reducing IT Complexity

Reduce risk, gain agility. See how Progress can help your business.

Virtualization Technology as a Business Solution

eZine: A Roadmap to Reducing IT Complexity

White Paper: Managed Security for a Not-So-Secure World

SharePoint - Unchecked growth of content is unsustainable.

Focus Under Pressure: Why IT Governance Becomes Mission-Critical in a Down Economy

Should Your Email Live In The Cloud? A Comparative Cost Analysis

Adobe® LiveCycle® solutions for business process automation

Architecting Business Intelligence Applications for Change: The Open Solution

Increase UPS efficiency without sacrificing protection.

Unlocking the Mainframe: Modernizing Legacy System to SOA

State of the Data Integration Market

Enhance Customer Loyalty through Higher Responsiveness

Achieving Business Agility with Application Grid

Seven Ways ITIL Can Help You in an Economic Downturn

Four steps to populate your CMDB.

"Enterprise-Proven" is the Prerequisite for Enterprise SaaS Portal Solutions

Join us at the US-Brazil IT-BPO Summit, on November 10th in New York.

Unified Communications: Thoughts, Strategies and Predictions. Join the discussion

Read the RSA report: Security for Business Innovation

Webcast: Looking to the Cloud for Email and Collaboration Services

64-page prescriptive guide to security, compliance, and IT operations.

Keep your IT expertise up to date. Join the Intel Premier IT Professionals.

A Clear View Toward Virtualization

Virtualization Technology as a Business Solution

The rules of infrastructure management just changed.

A Clear View Toward Virtualization

Interactive Q&A helps you discover key ways to maximize IT assets.

 
 
RESOURCE CENTER