Close the open-source legal gap


Convergence of electronics and software in the East is bringing new risks to manufacturers in the West

In their continual drive to satiate a market that demands faster, easier-to-use and more cost-effective products, Japanese firms have pioneered the use of embedded software in product manufacturing. From televisions and telephones to toys and refrigerators, open-source code has become prevalent. While open source accelerates time to market and reduces production costs, its use brings legal vulnerabilities.

Many electronic components from the Asian market are used in manufacturing and production throughout the UK. However, as open-source code is already embedded by the time it arrives, manufacturers are not aware of its existence. Without a clear understanding of the downstream inheritance of open source, firms are open to legal risks, especially with regard to the General Public Licence versions 2 and 3 (GPL v2 and GPL v3).

Most devices shipping today, such as handsets, contain digital rights management (DRM) software. In GPL v2, the provisions of the licence prohibit redistribution of the code without making the source code publicly available. GPL v3 contains anti-DRM provisions that make its use in embedded products prohibitive.

A telecommunications provider in the UK raised the ire of the open-source community after it used code released under GPL v2 in one of its commercial products, but failed to immediately release the code to the public.

In today’s litigious climate, the Software Freedom Law Center (SFLC) would have filed suit against that firm for violation of the GPL v2, a pattern of accountability gaining momentum in the US.

Add vulnerability risks to the concerns of not knowing whether your company is beholden to applicable open-source obligations, and the importance of proper open-source use management emerges.

Firms must understand the scope of their open-source inventory and its associated licence restrictions to be able to manage its inherent vulnerabilities, which will empower them to use open source to their best advantage.

Mark Tolliver is chief executive of Palamida.