Wary of lawsuits, businesses are spending millions to identify unauthorized 'open-source' files in their software
By Robert Weisman, Globe Staff | December 27, 2004
Software engineer Shawn Henry swivels around in his chair, squints at his computer screen, and punches up a long list of software code files that document his company's latest headache.
These are files in the upcoming release of Service Integrity Inc., a Newton company selling software that helps businesses mine their data for customer leads. Each file highlighted in a bright color represents a match with known "open source" code covered by a license. And each match represents a potential problem Service Integrity must resolve.
Henry calls up a pair of windows crammed with identical lines of code. He quickly picks out an open-source file that is using borrowed code that can be traced to a popular website devoted to macabre puzzles.
"Uh-oh," he says, shaking his head in recognition. "Deadly Room of Death. This is something we don't want in our product."
Similar scenes are playing out at software firms and other businesses across the country, as engineers frantically search their files for something they hope not to find: open-source components. Their improper use, in the worst-case scenario, could subject companies to costly litigation from parties like the SCO Group of Lindon, Utah. SCO claims to own intellectual property in the Linux open-source operating system and has set off alarm bells in executive suites by suing IBM Corp. and three other Linux-using companies over the past year.
"It's almost like you've got to be a lawyer now to develop software," grumbled Jothy Rosenberg, chief executive and chief technical officer of Service Integrity, who earlier this month ordered a 24-hour scanning of his company's Sift 3.5 software during a "code freeze" before its launch. "In this day and age, anybody building a commercial piece of software has got to do this. It's like buying insurance on your building."
There are no hard numbers on how much US businesses are spending to prevent themselves from infringing on open-source licenses. While few think the problem rises to the level of the Y2K bug, which spooked the business world in the late 1990s, many say it has become pressing and costly. Some liken it to the Sarbanes-Oxley financial reporting requirements that have rattled executives at publicly traded companies. And the problems are related in that Sarbanes-Oxley requires public companies to value their software and assess their litigation risks.
Open-source software is freely available to use, distribute, and modify, but is subject to large and small restrictions set forth in the dozens of open-source licenses. Some companies, like Tewksbury's Avid Technology Inc., which makes digital film editing machines, have sought to avoid license conflicts by banning open-source software. Others have persisted in using open-source code, but have purchased scanning software or jury-rigged search engines to hunt for license conflicts they can resolve through proper identification or attribution.
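The scanners the article describes work by fingerprinting a company's source files and matching them against a corpus of known open-source code, then surfacing the matched lines side by side with the license that covers them. The following is an added example of that matching step, written for this page; it is not Service Integrity's tool or any vendor's product. The reference corpus, the candidate file, the project names ("puzzlelib", "tinyjson") and their licenses are all constructed for the example, and the four-line window size and the 50% coverage threshold are assumed tunings rather than anything the article reports.

```python
"""Minimal snippet-origin scanner: fingerprint windows of normalized source
lines, index a reference corpus of open-source files by those fingerprints,
and report which licensed project a candidate file appears to borrow from.
Added example for this page, not a real product. All inputs are constructed."""
import hashlib
import re
from collections import defaultdict

SHINGLE = 4  # consecutive normalized lines per fingerprint (assumed tuning)

# Constructed reference corpus: a real scanner would build this from a crawl
# of open-source repositories. Project names and licenses are made up.
REFERENCE = {
    ("puzzlelib", "GPL-2.0"): """
        def solve(grid):
            # brute force every cell
            for row in grid:
                for cell in row:
                    if cell.blocked:
                        continue
                    cell.visit()
            return grid.done()
    """,
    ("tinyjson", "MIT"): """
        def parse(text):
            text = text.strip()
            if text[0] == '{':
                return parse_object(text)
            if text[0] == '[':
                return parse_array(text)
            return parse_scalar(text)
    """,
}

def normalize(source):
    """Strip Python comments, blank lines and all whitespace so that
    re-indenting or re-commenting borrowed code does not defeat the match.
    (Simplification: a '#' inside a string literal is also stripped.)"""
    out = []
    for line in source.splitlines():
        line = re.sub(r"#.*$", "", line)   # drop trailing comment
        line = re.sub(r"\s+", "", line)    # collapse whitespace
        if line:
            out.append(line)
    return out

def fingerprints(lines):
    """Yield (start_index, digest) for every window of SHINGLE lines."""
    for i in range(len(lines) - SHINGLE + 1):
        window = "\n".join(lines[i:i + SHINGLE]).encode()
        yield i, hashlib.sha256(window).hexdigest()

def build_index(reference):
    """Map fingerprint -> set of (project, license) containing it. A digest
    shared by several projects keeps all of them, so ambiguity is visible."""
    index = defaultdict(set)
    for origin, source in reference.items():
        for _, digest in fingerprints(normalize(source)):
            index[digest].add(origin)
    return index

def scan(candidate, index):
    """Return {origin: (matched_line_count, total_lines)} for a candidate
    file, counting each normalized line at most once per origin."""
    lines = normalize(candidate)
    hits = defaultdict(set)
    for start, digest in fingerprints(lines):
        for origin in index.get(digest, ()):
            hits[origin].update(range(start, start + SHINGLE))
    return {origin: (len(idx), len(lines)) for origin, idx in hits.items()}

def report(candidate, index, threshold=0.5):
    """Flag origins whose matched lines cover at least `threshold` of the
    candidate; an empty or very short file yields no flags."""
    flagged = []
    for (project, license_id), (matched, total) in scan(candidate, index).items():
        coverage = matched / total if total else 0.0
        if coverage >= threshold:
            flagged.append((project, license_id, round(coverage, 2)))
    return sorted(flagged)

# Constructed candidate: the solver above, re-indented and re-commented,
# pasted into a product file next to original code.
CANDIDATE = """
# Lead scoring helper (original code)
def score(leads):
    return sorted(leads, key=lambda l: l.value)

def solve(grid):   # borrowed, reformatted
  for row in grid:
      for cell in row:
          if cell.blocked:
              continue
          cell.visit()
  return grid.done()
"""

if __name__ == "__main__":
    idx = build_index(REFERENCE)
    for project, license_id, coverage in report(CANDIDATE, idx):
        print(f"{project} ({license_id}): {coverage:.0%} of candidate lines")
```

Run as written, the scan flags the candidate as 78% covered by the GPL-2.0 "puzzlelib" snippet and ignores the unrelated MIT file. Whitespace-only normalization is deliberately crude: it catches re-indented copies but not renamed identifiers, which is why commercial scanners layer token-level and structural matching on top of it, and why a match is only the start of the identification-or-attribution decision the article describes, not the end of it.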