by Christopher Lindquist

Know Your (Open) Sources

Jul 01, 2006

Just because a piece of code a developer downloaded off SourceForge says it is released under the Mozilla Public License doesn’t mean that all that code wasn’t itself stolen from someplace else. (In the Linksys router case, for instance, Linksys reportedly bought chips from Broadcom, which in turn received firmware from overseas third parties—making it difficult to clearly define what Linksys should have known about its code.)

For that reason, experts say it’s worth trying to get the code you use from trusted sources. The people behind larger, more public open-source and free software projects often claim to be very careful about who they let contribute code and how thorough they are in determining the origins of that code. Some companies that deal in open-source code—including Red Hat and Hewlett-Packard—offer indemnification programs that could help protect your company should the code you’re using be found to infringe on someone else’s intellectual property rights.