Risk Management - Administration

Q. How do we mitigate our risk in using Open Source?

Hank Jones talked about the intimate exposure a customer can get to the code. He then challenged the perception that Open Source is more risky in terms of warranties and indemnification, noting that a lot of savvy vendors and customers have developed granular, specific questions and representation.

The point was made that customers want to have assurances in writing that the software will do exactly what the vendor’s marketing people have told them it will do.

Bill Estrem wondered if there is a way to have Open Source projects rolling forward where part of the documentation can include specific traceability of any part that exists.

Larry Rosen reiterated Bruce Perens’ point—made often—that Open Source projects are, in fact, open. He concluded, there are three ways to mitigate risk:
1. Go to the wealthy company to buy software (i.e., they can handle a lawsuit)
2. Go to a company that does its business out in the open
3. Buy insurance

Chris Hertel of the Samba project wondered if he were personally vulnerable in any way by contributing code on a regular basis. He discovered he does run a legal risk; he is in the software business. Larry clarified that being in the software business has nothing to do with money. He is part of commerce and considered a sole proprietorship.

Bruce Perens jumped in with a key fact: He has formed a not-for-profit corporation called Software in the Public Interest to help address the problem.

Larry Rosen brought the discussion to a close by noting that it is true that individuals may be able to create their own Open Source projects and offer software, but they don’t want to offer a warranty on it. On the other hand, legitimate, commercial Open Source projects do not just take software that’s tossed over the transom by individual developers. They go through rigorous test procedures and fix problems when they are identified.

Digital Millennium Copyright Act (DMCA)

Q. To what degree is DMCA a problem for Open Source?

Larry Rosen quickly responded that it is a very big problem, and that the intent of DMCA is not consonant with that of the original Copyright Act.

Chris Hertel noted that one direct effect is that some Open Source people will not come to the US for conferences because of the ramifications of DMCA (i.e. fears of being accused of reverse engineering). Bruce Perens told the group that SPI provides pro bono legal services to developers in the Open Source community and that, in fact, Larry was one of the attorneys who provides them.
Open Source, Open Standards and IPR

Q. Is the formal standards world threatened by Open Source?

Amy Marasco responded that ANSI does not support just one system for producing standards—a one-size-fits-all—but rather matching the need to the process. ANSI is exploring ways to work with consortia and that Open Source is making its way into the formal system through JTC 1 and its project to address Linux standards.

Larry took a different angle by saying that they are scared and should be scared. The experience of W3C is an important one. He was referring to the W3C adoption of the RAND patent policy. The Open Source deluged W3C with e-mails of protest, saying that it was not acceptable to “proprietize” the web, which had been created in an Open Source way. He reiterated his assertion that the paradigm is changing.

Amy maintained that, just because the paradigm is changing, that does not mean that the formal standards community does, or should, feel threatened. ANSI has changed its patent policy in the past, and it could change it again in light of evolving paradigms.

>>> More Site Administration Articles          >>> More By The Open Group

blog comments powered by Disqus