New research has highlighted quite how pervasive open source software (OSS) has become, with 85 per cent of companies currently using OSS and the remaining 15 per cent expecting to in the next 12 months.
The findings come from a Gartner survey in May and June 2008, which covered 274 end-user organisations in Asia/Pacific, Europe and North America, and raise a series of management issues for businesses.
But wait, trust Gartner to find a cloud in every silver lining for open source:
The analyst group found that 69 per cent of companies surveyed lacked a formal policy for evaluating and cataloguing OSS usage. This could open up “huge potential liabilities for intellectual-property violations,” it warned.
Sounds serious, no? I mean, this open source must be pretty dangerous stuff if it entails “huge potential liabilities”.
So let's just unpick this statement a little. Unfortunately, I can't find any details on the Gartner site, so I'll have to make general statements about free software and licensing.
First, if companies are simply using open source software as-is, there are no “potential liabilities”: none, zero, zilch. I'd be willing to bet that this covers 90% of open source in companies today.
You can even make changes to the code and not make them public - provide you don't circulate them outside your company. It's only when you start combining open source code with other code that licensing issues might arise, but even here, the spectre of “huge potential liabilities” is nonsense.
Many licences freely allow this kind of code mixing; the main one that doesn't is the GNU GPL, which puts important constraints on how you can do it. So, let's assume that Gartner's terrible bogeyman is the prospect of infringing the GNU GPL.
Now, it's true that Richard Stallman can be a frightening vision when he gets cross, but the probability of him visiting you to haul you over the digital coals is precisely zero: he's a busy chap, and aside from the odd generic rocket, doesn't concern himself with infringements.
One person who does, is Eben Moglen, Professor of Law, Columbia Law School, Founding Director of the Software Freedom Law Center, and the legal brains behind the GNU GPLv3 . He's been the main man when it comes to GPL infringements for some time. This is what he told me a few years back about his general approach in these situations:
”About a dozen times a year,” Moglen says, “somebody does something [that] violates the GPL. Most of the time, they're doing so inadvertently, they haven't thought through what the requirements are. And I call them up and I say, 'Look, you're violating the GPL. What you need to do is this. Would you help us?'” The answer is invariably yes, he says.
So the reality of the situation is that the worst you are likely to get is quick phone call from Moglen. And since he is one of the most articulate people it has been my pleasure to encounter, I'd say that you'd probably even enjoy the experience. Only in the most extreme circumstances, where a company is wilfully and persistently infringing on the GPL will Moglen even begin to contemplate legal action.
Here's the truth, then: there are no “huge potential liabilities” involved with free software. It's very hard to infringe, and very easy to sort things out. You are far more likely to get sued for using dodgy copies of Microsoft's software. Gartner's negative spin on the inarguable facts of a massive and increasing open source uptake in companies is FUD, pure and simple. Ignore it.