IT's Newest Title: 'Open Source Compliance Officer' - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Government // Enterprise Architecture
10:42 AM
Paul McDougall
Paul McDougall

IT's Newest Title: 'Open Source Compliance Officer'

To a list that includes CIO and CTO you can now add, thanks to a legal settlement, 'OSCO'. And here's why your company might soon need to hire one.

To a list that includes CIO and CTO you can now add, thanks to a legal settlement, 'OSCO'. And here's why your company might soon need to hire one.The background: Two developers of open source software licensed under the GNU General Public License (GPL) earlier this year sued a tech vendor for using their product in a manner contrary to the license.

Specifically, Erik Andersen and Rob Landley claimed that networking hardware vendor Xterasys used their BusyBox software without providing its source code to end users, as the GPL requires.

(BusyBox is a set of tools that allows software to operate in resource-constrained environments -- like a small networking device, for example.)

On Monday, the Software Freedom Law Center -- an advocacy group that backed the lawsuit -- announced that Xterasys had reached a settlement with Andersen and Landley.

Among the terms: Xterasys will cease all binary distribution of BusyBox until the SFLC confirms that "it has published complete corresponding source code on its Web site," according to a statement released by SFLC. Xterasys also will make a cash payment, value undisclosed, to the developers.

But here's the real kicker. As part of the deal, "Xterasys has agreed to appoint an internal Open Source Compliance Officer to monitor and ensure GPL compliance." The OSCO's duties will include notifying "previous recipients of BusyBox from Xterasys of their rights under the GPL."

What's the message here for corporate IT departments? The SFLC is basically saying that if you use of open source software willy-nilly, and don't comply to the letter with the GPL, it will drag you into court and try its best to have a watchdog (watch penguin?) inserted into your operations.

That's a scary thought.

And it's probably going to make more than a few CIOs shudder, given that most Fortune 500 companies uses open source software in their data centers (think Linux or Apache) and many include it in the products they sell.

Indeed, the SFLC recently sued Verizon for using BusyBox in a router that's part of its FiOS broadband service. That case is still pending -- and could truly set a precedent given Verizon's size and legal resources.

If SFLC prevails, we might hear an announcement from the phone giant along the following lines: "Verizon is pleased [teeth gritted] to name as Chief Open Source Compliance Officer…"

The question is whether all this is good or bad for the open source software movement. It's possible that the SFLC's sudden litigiousness will scare off potential open source users. That's something Andersen and Landley might want to think about while counting their Xterasys money.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

IT Leadership: 10 Ways to Unleash Enterprise Innovation
Lisa Morgan, Freelance Writer,  6/8/2021
Preparing for the Upcoming Quantum Computing Revolution
John Edwards, Technology Journalist & Author,  6/3/2021
How SolarWinds Changed Cybersecurity Leadership's Priorities
Jessica Davis, Senior Editor, Enterprise Apps,  5/26/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll