On Friday, Microsoft acknowledged that the code for the Windows 7 USB/DVD Download Tool improperly included GPLv2 licensed code and they did not comply with GPLv2. Like the GPLv2 licensed code found in the Linksys operating system, the software had been written by a consultant.  Peter Galli’s blog was very frank: 

we are now able to confirm this (inclusion of improperly licensed GPL v2 code) was indeed the case, although it was not intentional on our part. While we had contracted with a third party to create the tool, we share responsibility as we did not catch it as part of our code review process. We have furthermore conducted a review of other code provided through the  Microsoft Store and this was the only incident of this sort we could find.

 http://port25.technet.com/archive/2009/11/13/update-on-the-windows-7-download-tool-or-microsoft-to-open-source-the-windows-7-download-tool.aspx

 They will be making the source code of the relevant software available under the GPLv2 next week. They also acknowledged that they will be taking steps to avoid this problem in the future. The open source community should welcome Microsoft’s frank and appropriate response. A recent post on the FSF Europe email list noted that app stores are becoming a major source of violations and companies who host them need to consider how best to deal with the liklihood of these type of problems.

 This problem illustrates the critical nature of an open source (I would now say “third party software use policy” because so much proprietary code is also  available for download) use policy.  Yet Gartner noted last year that 69% of companies surveyed do not have a formal policy for evaluating and cataloguing OSS use.See my earlier post, http://lawandlifesiliconvalley.com/blog/?p=107.  These use policies need to cover not just internal development but all sources of code which includes code from third parties, consultants and M&A transactions.