by CIO Staff

Open Source Reality Check

Dec 28, 2004
4 mins
Enterprise Applications, Open Source

Koch's IT Strategy

I’m no open source zealot, but there are a lot of misperceptions out there about open-source software and the different licensing schemes that govern it. So at the risk of alienating everyone with two open source postings in a row, let’s get some things straight about how you should consider open source and open source licensing in your overall business and IT strategy.

The worst myth about open source licenses is that if you modify the software in any way, you will somehow be required to show those changes to the entire world. Critics point to the GPL (General Public License) as proof. But the GPL, one of the most restrictive open source licenses, is not restrictive at all if you are a company that does not sell or distribute software.

You can do anything you want with open source software released under the GPL (such as Linux) without ever having to tell anyone what you did or let anyone see or use the code. The restrictions apply only to companies that want to sell or redistribute copies of the software they’ve modified. This means your legal department and your CFO do not have to worry about revealing company secrets just because someone down in IT starts playing with Linux. I’ve gone over this point every which way with attorney Larry Rosen, the former counsel to the Open Source Initiative (in other words, if you were violating the GPL, Larry would have been the guy coming after you), and he confirms it.

Secondly, let’s separate the SCO lawsuit from open source. CEOs and CFOs—and probably some underinformed CIOs—are freaking out about the SCO suit because they see companies like AutoZone and DaimlerChrysler being sued and figure they must be next. Just because companies are being sued by SCO for using Linux does not mean that every piece of open source software is open to the same kind of challenge. Let’s be clear: Merely having open source code in your software infrastructure does not automatically make you susceptible to an SCO-like lawsuit.

In fact, the SCO lawsuit is not about open source software at all. It is about proprietary software. SCO is suing IBM (and users of Linux) because it believes those companies have taken or are using proprietary code from a UNIX program that SCO owns. The lawsuit would not be materially different if that chunk of UNIX code was alleged to be in Microsoft Windows. The lawsuit is about stealing proprietary code and putting it in another piece of software that is being distributed widely. SCO believes that users of Linux should be paying it a license fee not for Linux, but for the proprietary UNIX code that it alleges is inside Linux.

But lawyers and the popular press have a nasty habit of broadly painting open source software in general—not just Linux—with an SCO doomsday brush. They make it seem that companies that use Apache, or JBoss or other open source code must automatically be in the same boat as companies that use Linux. The only way that would be true is if Apache or JBoss contain code stolen from a proprietary software program and they—and their users—get sued for lost licensing fees.

It’s unfair to think that these groups will be sued simply because companies using Linux have been sued. Any software program, proprietary or otherwise, can contain stolen code. So far, no evidence has been gathered to show that open source software is any more or less prone to copyright and licensing fights than proprietary software.

A cottage industry has arisen around the open source licensing paranoia. Based mostly on feedback from these companies, any reporter might be tempted to buy into the fear and loathing, as an article in the Boston Globe on December 27th does. While licensing is a big issue in any kind of software, it shouldn’t prevent companies from using open source. The article in the Globe mixes up the issues of licensing and the SCO lawsuit and makes it seem like anyone who uses open source will soon receive a visit from the open source police demanding that they reveal the source code of their software infrastructures to the world. Or worse, using any kind of open source software will make your company vulnerable to the same kind of challenge that users of Linux have received from SCO. That just isn’t true.

Correction from last week: In the original posting of my blog, I incorrectly stated that SCO’s UNIX revenues fell 46 percent in 2004. I should have said SCO’s total revenues fell by that percentage. My apologies to SCO for the error.