The management of FOSS continues to evolve. Many companies have focused on managing their internal resources and repositories. However the rise of GitHub and other online repositories increases the complexity of this management. Samsung recently had this experience native Linux driver for Microsoft’s exFAT file-system which was accidently posted on GitHub. http://www.phoronix.com/scan.php?page=news_item&px=MTQxNzg. Samsung has corrected the problem and released the code under GPLv2. Ibrahim Haddad of Samsung made a wise strategic choice to work with the Software Conservancy’s GPL Compliance Project for Linux Developers to ensure that they maintained good relations with the community.
The Software Conversancy stated that “the Conservancy worked collaboratively with Ibrahim Haddad, the Group Leader for Open Source at Samsung Research America, and fellow community leaders, throughout the process after this code first appeared on GitHub. Conservancy’s primary goal, as always, was to assist and advise toward the best possible resolution to the matter that complied fully with the GPL. Conservancy is delighted that the correct outcome has been reached: a legitimate, full release from Samsung of all relevant source code under the terms of Linux’s license, the GPL, version 2. Conservancy has worked on many difficult compliance matters for many of its member projects (including BusyBox and Samba, in addition to our GPL Compliance Project for Linux Developers). Conservancy thus particularly appreciates Samsung’s celerity, responsiveness, and correct action on this matter.” http://sfconservancy.org/news/2013/aug/16/exfat-samsung/.
This issue may actually be more serious for startup companies, because they tend to use GitHub on a more ad hoc basis. Recently we worked with a startup company that inadvertently posted source code of some of its internal programs on GitHub.
We are continuing to see significant interest in FOSS management by venture investors and acquiring companies. These experiences emphasize the importance of developing and implementing a FOSS management program and including GitHub in the program.
On June 14, 2013, the district court of Hamburg found that Fantec violated the obligation in the GPLv2 to provide to its customers the “complete corresponding source code” of the software http://www.ifross.org/publikation/lg-hamburg-az-308-o-1013.
The decision is one of the first to deal with this obligation to provide source code but the facts limit its value. For example, the damages are based on the breach of a prior cease and desist declaration between Welte and Fantec in which Fantec agreed not to violate the GPLv2. However, it does provide important guidance on how to manage FOSS compliance and the limits of delegation of these obligations.
Fantec, a European company, distributed a media player with a Linux-based firmware inside. Like many companies, Fantec used software from third parties. The firmware of the media player included the iptables software which is licensed under the GPLv2. Fantec provided a version of the source code of the firmware for download that they had received from their Chinese manufacturer. Harald Welte is one of the authors of the iptables software and has brought suit a number of times to enforce the GPLv2 for this software. Ironically, Welte had settled a prior violation by Fantec with respect to this firmware. As a result Fantec signed a cease-and-desist-declaration in 2010 and Fantec was contractually obliged to refrain from further GPLv2 violations (and otherwise to pay a contractual penalty).
The software available for download for the Fantec product was reviewed during a “Hacking for Compliance Workshop” in Berlin organized in 2012 by Free Software Foundation Europe. The hackers discovered that the source code provided by Fantec did not include the source code for the iptables software and that the source code for some other components did not match the versions used to compile the binary code of the firmware.
In 2012, the plaintiff gave Fantec notice of another GPLv2 violation and admonished Fantec to cease the infringement and to pay the contractual penalty and the out-of-court costs for legal prosecution. Fantec objected that it had been assured by his Chinese supplier that the source code received from the supplier was complete. And Fantec claimed that they had investigated options with third parties for source code analysis and had been informed that such reviews were quite expensive and not completely reliable.
Welte raised two arguments: first, Fantec provided source code that was incomplete and, second, that the source code was not the correct versions. The court affirmed a violation of the GPLv2 license conditions because the iptables code was not contained within the source code provided by Fantec. However, the court did not rule on the second argument that the source code was not up to date. Consequently, the decision does not provide significant guidance on the definition of the term “complete corresponding source code”.
The court required Fantec to pay a contractual penalty in the amount of € 5.100 based on the prior settlement agreement. In addition, the court awarded the plaintiff’s expenses in enforcing the GPLv2 (this award is standard under German law and is based on Section 97a (1), 31, 69c no. 3 and 4 of the German Copyright Act which awards costs for a justified warning by a party which is so cautioned). The court affirmed the culpability of Fantec’s violation by classifying the violation as negligent: the seller of firmware may not rely on suppliers´ statements about compliance. The distributor of GPLv2 software must carry out the assessment or commission experts to make the assessment even if they incurred additional costs. The failure to comply with the GPLv2 may not be defended such failure due to additional costs.
The decision is not surprising given existing German cases regarding the GPLv2. However, the case re-emphasizes the need for each company to have its own FOSS compliance process. Companies cannot simply rely on the statements of third parties. Each company should ensure that they have the formal process for handling the use of FOSS by their own employees and third parties. This process should include:
1. Policy for the use of FOSS (“FOSS Use Policy”)
2. Request and approval process for use of FOSS by employees
3. Approval and audit process for the use of FOSS from third parties, both through third-party products and acquisitions by the company
4. Auditing process for compliance with the FOSS Use Policy.
Given the rapidity of product development and the extensive use of third-party software in most products, a FOSS Use Policy must focus on managing relationships with third-party suppliers. A company must ensure that they have a clear set of standards for third-party providers for FOSS compliance. These standards should include an understanding of the FOSS management processes of such third-party suppliers. The development of a network of trusted third-party suppliers is critical part of any FOSS compliance strategy. The Free Software Foundation Europe has useful recommendations on complying with GPLv2 obligations http://fsfe.org/activities/ftf/useful-tips-for-vendors.en.html.
Many companies will decide that they need to automate the process by using the software to scan third-party code and manage the process. And companies may also wish to use the Software Packet Data Exchange framework to help communicate the FOSS in a particular product http://spdx.org/.
Companies should adopt a formal FOSS use policy which should be integrated into the software development process. Companies should also be prepared to respond promptly to any assertions of violation of FOSS licenses and swiftly correct the problem.
I would like to thank my colleagues in Germany, Thomas Jansen and Hannes Meyle for assisting me on this post.
One disturbing trend is the posting of FOSS modules without licenses. Simon Phipps focused on this problem in his recent blog, particularly on the problems raised by the terms of service at Github. James Governor, the founder of analyst Red Monk, is quoted by Simon as stating: “”younger devs today are about POSS - Post open source software. f*** the license and governance, just commit to github” http://www.infoworld.com/d/open-source-software/github-needs-take-open-source-seriously-208046. Ironically, this approach will undercut the major desire of most FOSS developers: the broad use of their code. The lack of a license ensures that the software will be removed from any product meant to be used by corporations. Corporations are very sensitive about ensuring that all software that they use or which is incorporated in their products is properly licensed. I have worked on hundreds of FOSS analysis and the response to software without a clear license is almost always “rip it out”.
One other consequence not mentioned by Simon is that the failure to include a license also means the developer (and distributor) have potential liability in the United States under Article II of the Uniform Commercial Code (“UCC”). Article II of the UCC provides that if certain warranties are not “disclaimed” then the distributor (“seller” in UCC language) automatically gives those warranties. These warranties are disclaimed in all FOSS licenses, generally in capital letters and are the source of the provisions using obscure terms such as “merchantability” and “fitness for a particular purpose”. The developer would be liable for these warranties: merchantability (the product is of average quality in the trade), fit for a particular purpose (if the developer or distributor knows of the use by the licensee, then the software will be fit for such purpose) and indemnity (an indemnity for intellectual property infringement such as copyrights and patents). And if such warranties are breached the developer would be liable for “consequential damages” which includes lost profits. While it is unlikely that such suit would be brought, the potential liability for the developer will continue.
The Thanksgiving holiday has given me the opportunity to consider the critical new role of collaboration in innovation. This role was emphasized to me during a single day, November 17, in Silicon Valley. In the morning, I attended the Cloud Computer Expo and speaker after speaker, from Cisco to HP, discussed how OpenStack software was critical to their success in cloud computing and was transforming cloud computing industry. OpenStack software to enable cloud computing is being developed under the management of the OpenStack Foundation in a collaboration of over 150 companies. The OpenStack project was started by NASA and Rackspace, but was recently reorganized as a foundation to take over the funding and management of the project www.openstack.org (as a matter of transparency, I represent the OpenStack Foundation). I think that such collaborations will be increasingly critical for the future because many business problems are too complicated to be effectively solved by a single company. For example, the auto industry has joined with the consumer electronics industry to form a collaboration for entertainment systems in automobiles, the Genivi Alliance http://www.genivi.org/.
At the end of the day, I attended the Sierrra Ventures CIO Summit cocktail party (yet another good reason to have Sierra Ventures as an investor) and Jed York of the 49ers was discussing the role of technology in the new Santa Clara stadium (it sounds like it will be spectacular). Yet he also focused on the need to encourage collaboration with the Silicon Valley community to take advantage of the possibilities presented by the technology infrastructure of the new stadium.
From cloud computing to sports, collaboration has become central to business success in the 21st century.
Last year, 2011, was one of the most active years in legal developments in FOSS. This activity reflects the increase in FOSS use: Laura Wurster of Gartner, noted in the Harvard Business Review blog that open source has hit a “strategic tipping point” this year with companies increasingly focused on using “open source” software for competitive rather than cost reasons http://lawandlifesiliconvalley.com/blog/?p=619.
Continuing the tradition of looking back over top ten legal developments in FOSS, http://lawandlifesiliconvalley.com/blog/?s=top+10+2008&x=40&y=6, my selection of the top ten issues for 2011 are as follows:
1. Android Patent Litigation. One of the most widely reported legal developments in FOSS has been the patent wars surrounding the Android operating system. Over 40 patent cases are pending between a wide variety of parties, including Motorola Mobility, Inc., HTC, Samsung Electronics, Inc. and Apple Computer, Inc. This year saw several decisions in these suits. In Australia, Apple won a trial court decision which enjoined the distribution of Samsung’s Android tablets based on a claim that the Samsung tablet violated Apple’s design patents. However, after a series of appeals, Australia’s High Court overturned the injunction and Samsung can now distribute its tablets. Apple was more successful in Germany where it was successful in obtaining an injunction based on Apple’s design patents which prevents the distribution of Samsung’s Galaxy Tab 10.1 (however, Samsung has released a revised version named the Galaxy Tab 10.1N). Apple was not successful in obtaining an injunction against distribution of Samsung’s Galaxy Tab in the United States, although the judge stated that Apple’s design patents might be infringed. More recently, on December 19, the ITC ruled that HTC’s Android phones violated two claims of an Apple utility patent and issued an “exclusion order” for HTC Android phones which would take effect on April 19, 2012. HTC has announced that it will provide a workaround. Google has been handicapped by its lack of patents to assert in defense of Android (it started with only 600 patents, but is aggressively buying new patents and has agreed to purchase Motorola Mobility, Inc., primarily for its patent portfolio).
2. Oracle v. Google. A separate but related case is Oracle’s suit against Google for the alleged infringement of Oracle’s copyrights in the Java software (which it acquired from Sun Microsystems, Inc.) and certain Oracle patents by Android. Oracle is asserting that the Android operating system infringes the copyrights in “twelve code files and 37 specifications for application programming interface packages”. The decision on this claim could have a significant impact well beyond this case: most software lawyers have viewed APIs (and their specifications) as either having no copyright protection or very limited copyright protection. These views govern the interpretation of both FOSS and proprietary licenses. The court described APIs as follows:
Conceptually, an API is what allows software programs to communicate with one another. It is a set of definitions governing how the services of a particular program can be called upon, including what types of input the program must be given and what kind of output will be returned. APIs make it possible for programs (and programmers) to use the services of a given program without knowing how the service is performed. APIs also insulate programs from one another, making it possible to change the way a given program performs a service without disrupting other programs that use the service.
If Oracle prevails and the court finds that APIs are copyrightable, lawyers will need to rethink how they interpret both FOSS and proprietary licenses. The issue could be particularly important in determining whether interactions between software programs licensed under GPLv2 or GPLv3 create, respectively, “derivative works” or a “modified version” and, thus, impose the license terms of GPLv2 or GPLv3 on the software modules with which they interact. The first significant decision in the case rejected Google’s attempt to eliminate the claims through summary judgment (Google won only on a single minor point). http://www.scribd.com/doc/65143317/Oracle-v-Google-Denial-of-Google-s-Summary-Judgment-Motion. However, this decision is not surprising because summary judgment is generally used for settled issues of law; the copyright issues in this case are on the cutting edge of the law.
3. Perfect 10 v. Google. Although this case was not strictly about open source software, it established a critical principle for remedies for copyright infringement. These remedies also apply to enforcement of copyright licenses in certain situations. For decades prior to this decision, the presumption was that the remedy for copyright infringement was always “injunctive relief”. Injunctive relief means that a court orders an “infringer” to comply with the terms of the license. The Perfect 10 decision in the Ninth Circuit Court of Appeals made clear that “injunctive relief” is no longer a remedy which is always available for copyright infringement. Instead, the court stated that : We therefore conclude that the propriety of injunctive relief in cases arising under the Copyright Act must be evaluated on a case-by-case basis in accord with traditional equitable principles and without the aid of presumptions or a “thumb on the scale” in favor of issuing such relief.
Injunctive relief is an unusual remedy for breach of license agreements, because under Anglo Saxon law, the standard remedy for breach of contract is monetary payment. However, a remedy of monetary damages has little value for breach of open source licenses because the open source software is generally distributed at no cost. The Perfect 10 decision undercuts the value of the Jacobsen decision to the open source community. In Jacobsen, the Court of Appeals of the Federal Circuit decision found that injunctive relief was available for open source licenses if the relevant obligations were drafted to make them a “restriction” on the scope of the license rather than just a contractual obligation (a “covenant”) http://lawandlifesiliconvalley.com/blog/?p=65. However, the other standard copyright law remedies such as attorneys fees, actual damages and, potentially, statutory damages remain available. However, injunctive relief, the most valuable of remedies, may be more difficult to obtain to enforce open source licenses.
4. Publication of Software Package Data Exchange (“SPDX”) Specification. The management of open source software in the supply chain has been a continuing problem. However, the open source community has been working to find a solution to this problem. The work has been guided by the SPDX Group (the SPDX Group is a working group of the Linux Foundation and is associated with FOSSBazaar) which has developed the SPDX specification as a standard format for describing the components, licenses and copyrights associated with a software package. For example, SPDX Group has identified seven versions of the General Public License version 2, the most commonly used open source license. If widely adopted, SPDX will be critical to effectively manage open source software as it becomes more widely used in the supply chain. As noted in the Harvard Business Review blog by Gartner Group, the ubiquity of the use of open source software has not been matched by effective management of its use http://blogs.hbr.org/cs/2011/03/open_source_software_hits_a_st.html.
5. Revision of Mozilla Public License. The Mozilla Public License is one of the most popular open source licenses. After eighteen months of work, Mozilla has announced a new version. The Mozilla Public License version 2 (“MPLv2”) is a much simpler, shorter and more usable license. The new license has adopted approaches (and sometimes the terms themselves) from other open source licenses: the patent license provision was adopted from the Apache license and the termination provision from the General Public License version 3. In addition, Mozilla has made the MPLv2 compatible with the Apache license. And MPLv2 has also included a provision to make the license “compatible” with other licenses. For example, MPLv2 permits distribution of code under the MPLv2 with other modules licensed under GPL variants (GPLv2, GPLv3, APGL and LPGL) if such modules are part of a “Larger Work” (unless the notice in the software states that the software is “Incompatible with Secondary Licenses”). However, these differences mean that the transition to the MPLv2 for existing projects will require careful thought.
6. Cybits Decision in Germany. This decision makes clear that companies cannot alter the terms of software licensed under GPLv2. AVM is a manufacturer of FRITZ!Box router, a digital subscriber line DSL terminal, which uses the Linux Kernel as a part of their production firmware (which is licensed under GPLv2). Cybits, a software producer, distributes the Internet filtering software “Surf-Sitter DSL”, which is intended to protect children. The Surf-Sitter application downloads FRITZ!Box software to the user’s computer, modifies it and then reinstalls it back on the FRITZ!Box.
AVM claimed that Cybits did not have the right to modify the part of the FRITZ!Box firmware which was licensed under GPLv2. The court rejected AVM´s claims that Cybits should not be permitted to alter the firmware of AVM and denied that Cybits had infringed AVM´s copyright by distributing Surf-Sitter. The court found that the firmware is a collective work, which contains modules licensed under GPLv2. Cybits or any third party may modify the GPLv2 licensed software. Thus, AVM is not able to control any modifications to the GPL licensed components of the FRITZ!Box firmware.
7. Project Harmony Publishes Standardized Contributor Agreements. Many commentators have complained about the problems raised by the number of licenses approved as “open source”, a problem frequently referred to as “license proliferation”. Yet a similar problem is lurking in the development of open source software: the contribution agreements which govern the rights provided by contributors to a project. Project Harmony was a community effort to resolve this problem in advance by developing a set of standard agreements which can be adopted by open source projects http://www.harmonyagreements.org/about.html.
Many open source projects use the “license” for the project as a contribution agreement, but a variety of separate open source contribution agreements have developed over time, from the Apache Contributor Agreement to the Joomla Contributor Agreement http://community.joomla.org/images/JCA_General_Draft.pdf. Although many open source projects can use their standard open source license (i.e. GPLv2 for Linux or Mozilla Public License for the Mozilla browser) as the “contribution agreement”, this approach “locks in” the open source project to that license. If the open source project wishes to change the license (such as the change of OpenOffice project from GPLv2 to Apache), this approach would require that each contributor agree to the change. A good example of the potential for problems with this approach is the Open Street Map Project (“OSM Project”). The OSM Project has been struggling with shifting from a Creative Commons license to a more appropriate Open Database License http://wiki.openstreetmap.org/wiki/Open_Data_License_FAQ. After three years, the transition is still not complete. Finally, the OSM Foundation has given up on obtaining agreement from the remaining contributors and will probably delete contributions from contributors that have not agreed to shift to the new license http://en.wikipedia.org/wiki/Open_street_map#Licensing. In addition, open source licenses do not deal with a number of other issues which should be addressed by contribution agreements, such as contributions by minors and changes of license. Project Harmony also makes it easier for corporations to contribute to open source projects by avoiding the complexities of managing the differing terms of these new contribution agreements. The Project Harmony standard contribution agreements permit projects to make a choice between a license or assignment approach and, then, select among several options to change licenses in the future (without obtaining permission from each contributor.
8. Dispute over Koha Trademark. The importance of the protection of trademarks to open source projects was illustrated by the recent dispute over the Koha trademark between Horowhenua Library Trust (“HLT”) and a commercial company, PTFS, http://koha-community.org/update-2/. HLT manages the Koha open source project. PTFS filed for trademark protection for Koha in New Zealand after it had acquired a company which used the trademark and the trademark was, then, registered by the New Zealand government. Upon registration of the Koha trademark, HLT complained and appealed for help. Subsequently, PTFS agreed not to enforce the trademark and even to transfer the trademark to HLT http://patentbuff.com/2011/11/koha-alls-well-that-ends-well_28.html?spref=tw.
9. The Meaning of Open Source. The power of the community to police the misuse of “open” was demonstrated by Nokia’s attempt to claim that the Symbian mobile operating system was “open” for business http://www.groklaw.net/article.php?story=20110402143136766. However, the Symbian license is not consistent with the Open Source Definition. The copyright license in the Symbian license is as follows:
Subject to the terms and conditions of this Agreement, Nokia hereby grants to You a personal, non-exclusive, non-transferable, irrevocable (except as set forth in Clause 7.1 and 7.2 below), royalty-free and worldwide license under Copyrights licensable by Nokia to: i) reproduce and modify Source Code Components; ii) reproduce Binary Components and Documentation; iii) use and reproduce Utility Software, and iv) publicly display, distribute and make available (a) the Source Code Components to third parties that have acquired a valid source code license from Nokia; and (b) Utility Software, Binary Components and Source Code Components in binary form to third parties, (c) Documentation in unmodified form in all cases i)-iv) solely as part of the Symbian Platform or for use with the Symbian Platform, under the terms and conditions of this Agreement.
The agreement requires a separate license for source code from Nokia and limits the use to the “Symbian Platform.” Nokia was forced to “correct” their original statement to “open for business” rather open source http://symbian.nokia.com/blog/2011/04/04/not-open-source-just-open-for-business.
10. Open Hardware License. The open hardware movement received a boost when CERN published an Open Hardware License (“CERN OHL”). The CERN OHL is drafted as a documentation license which is careful to distinguish between documentation and software (which is not licensed under the CERN OHL) http://www.ohwr.org/documents/88. The license is “copyleft” and, thus, similar to GPLv2 because it requires that all modifications be made available under the terms of the CERN OHL. However, the license to patents, particularly important for hardware products, is ambiguous. This license is likely to the first of a number of open hardware licenses, but, hopefully, the open hardware movement will keep the number low and avoid “license proliferation” which has been such a problem for open source software.
I am looking forward to the upcoming Open Source Think Tank 2011 which we are co hosting with Olliance Group/Black Duck. Andrew Aitken has prepared a great agenda and we are going to have a case study by AOL which they describes as follows: AOL is planning two related open source initiatives: employing open source technologies and practices to improve the innovation and efficiency of their developers and releasing elements of their software portfolio as open source to enrich their ability to deliver content and encourage community contributions.
This year the Open Source Think Tank will be particularly interesting because of the dramatic expansion in the use and importance of Freedom and Open Source Software (”FOSS”). We will be discussing the recent completion of many important industry initiatives to make FOSS easier to use: Project Harmony (contributor agreement), SPDX (assisting management of the supply chain by providing a common vocabulary for describing licenses), new Mozilla license and Open Web Foundation (contributor agreements).
The Open Source Think Tank is unique because of the breadth and seniority of those who attend, from CEOs such as Larry Augustin (SugarCRM) and Tim Yeaton (Black Duck) to counsel such as John Noerenberg (Chief IP Counsel, Qualcomm) and Marissa Aufox (Compliance Counsel, Go Daddy Group) to CTOs such as Shawn Douglass (EMC) and Paul Daugherty (Chief Technology Architect, Accenture).
We will also be discussing the recent government initiatives which could dramatically increase the market for FOSS. I have mentioned these government initiatives in an earlier post. http://lawandlifesiliconvalley.com/blog/?p=607.
We have a few more spaces left for the Open Source Think Tank, but if you are interested you will have to move quickly. http://thinktank.olliancegroup.com/
This year has seen an increasing focus on the use by free and open source software (“FOSS”) by governments with recent announcements by the UK, the Australian Federal Government and NASA. FOSS projects and companies need to be aware of these efforts because of the scope of the opportunity to transform government and provide less expensive software infrastructure to government. Governments are also a very large market for software. Yet governments continue to be hampered by their habits of using proprietary software as demonstrated by the recent decision by an administrative court in Lille, France. http://lawandlifesiliconvalley.com/blog/?p=584 .
The UK Government recently provided a very broad endorsement of FOSS and open standards in UK government procurement. The UK government described its new policy for the next 24 months recently: http://www.cabinetoffice.gov.uk/resource-library/uk-government-ict-strategy-resources. The approach to FOSS is described below:
To assist with the deployment of agile solutions using open source technology, the Government will establish an Open Source Implementation Group, a System Integrator Forum and an Open Source Advisory Panel. These will aim to educate, promote and facilitate the technical and cultural change needed to increase the use of open source across government.
This encouragement is similar to the approach of the Department of Defense in the United States several years ago. http://lawandlifesiliconvalley.com/blog/?p=314. The UK government describes its goals in broader terms as follows:
The Government is taking a different approach to deliver this strategy, characterised by a strong centre and continued commitment to greater transparency through regular and open reporting. The approach includes:
mandatory open standards;
spending controls to ensure that new ICT solutions comply with strategy objectives;
transparency to ensure the continued comparison of common ICT services so that government gets the best price;
increased standardisation and modularisation of business processes and supporting technologies to create a platform from which government can deliver new models of open and innovative public services;
a new, strengthened governance structure; and
greater engagement with departments and suppliers to remove cultural as well as technical barriers.
The FSF Europe provides additional information on the approach in the UK. http://fsfe.org/uk/mapping-uk.en.html
This UK policy announcement follows a similar one by the Australian Government earlier this year which requires “covered procurements”, those procurements for over $80,000 AUS must comply with the Open Source Policy in procurement. http://www.finance.gov.au/e-government/infrastructure/open-source-software.html. The principles are summarized below:
Principle 1: Australian Government ICT procurement processes must actively and fairly consider all types of available software.
Australian Government agencies must actively and fairly consider all types of available software (including but not limited to open source software and proprietary software) through their ICT procurement processes. It is recognised there may be areas where open source software is not yet available for consideration. Procurement decisions must be made based on ‘value for money’. Procurement decisions should take into account whole-of-life costs, capability, security, scalability, transferability, support and manageability requirements.
For a covered procurement (over $80K), agencies are required to include in their procurement plan that open source software will be considered equally alongside proprietary software. Agencies will be required to insert a statement into any Request for Tender that they will consider open source software equally alongside proprietary software. Tender responses will be evaluated under the normal requirements of the Commonwealth Procurement Guidelines (CPGs). For a non-covered procurement (below $80K), agencies are required to document all key decisions, as required by the CPGs. This includes how they considered open source software suppliers when selecting suppliers to respond to the Select Tender or Request for Quotation.
Principle 2: Suppliers must consider all types of available software when dealing with Australian Government agencies.
Australian Government agencies will require suppliers to consider all types of available software (including but not limited to open source software and proprietary software) when responding to agencies’ procurement requests.
Agencies are required to insert this requirement into their tender documentation. Suppliers will need to provide justification outlining their consideration and/or exclusion of open source software in their response to the tender. Agencies will determine compliance with this requirement when assessing tender responses.
Principle 3: Australian Government agencies will actively participate in open source software communities and contribute back where appropriate.
The Australian Government, through AGIMO, will actively seek to keep up-to-date with international best practice in the open source software arena, through engaging with other countries and organisations. Australian Government agencies should also actively participate in open source software communities and contribute back where appropriate.
In the United States, NASA recently held an Open Source Summit where it described how it is using open source and how it intends to use it in the future. http://www.nasa.gov/open/source/live.html. Although I was not able to attend, the presentation by David Wheeler from the Institute of Defense Analysis of the Department of Defense was very interesting, both for his criticism for NASA’s approach to using FOSS as well as his discussion of how FOSS fits into the regime of government contracting. http://www.slideshare.net/ckleclerc/2011-nasa-open-source-summit-david-wheeler. The Federal Government has an elaborate set of procurement regulations (which differ between different agencies and which are very different from traditional “commercial arrangements” and set up a “unique” infrastructure for software licenses. Wheeler’s presentation describes how FOSS can be used in this system. I don’t agree with Wheeler’s complaints about the use of “intellectual property” but his summary can be very useful for persons trying to understand the fit between government regulations and FOSS.
Governments offer an enormous potential market for FOSS and the community needs to moniter government decisions on procurement, both at the policy level and on decisions about individual procurements.
My French partner, Sandrine Rambaud, brought to my attention a decision dated December 29, 2010, that leveled the playing field for open source vendors: the Administrative Court of Lille, France cancelled a public procurement procedure because the procedure excluded the possibility of proposing open source software in bid responses. Instead, the municipalities that put out the bid expressly required bidders to propose an Oracle database and Business Objects environments for the generation of reports.
The French company, Nexedi, which offers open source solutions, alleged that the tendering of the public procurement under such terms does not comply with the principles of equal treatment and non-discrimination, and in particular with Article 6 of the French Public Procurement Code. Article 6 provides that technical specifications included in a public bid cannot include the reference to a trademark or a patent, as such reference could favor or exclude some bidders or products. Such reference is only possible in very specific cases.
Nexedi challenged the validity of such procedure before the Administrative Court of Lille, which ruled to cancel the procedure. This decision is great news for open source companies and open procurement!
The Sixth Annual Spring Open Source Think Tank has now been scheduled on April 7th to 9th at the Sonoma Mission Inn in Sonoma. The Spring Think Tank is one of my favorite events because I get to spend time with the most interesting people in open source and discuss the future of the industry in one of the most beautiful areas of the world. By limiting attendees to CEOs, industry luminaries, CIO/CTOs, senior technology executives, legal experts and investors, we assure a lively and informed discussion (and a great opportunity to network with your peers).
We will be using our experience at the successful Fall Think Tank in Paris to add more real-world business cases to the agenda. Selected case studies will focus on the growing commercial maturity and complexity of open source and the evolution of cloud computing and SaaS. We are working on the agenda and will make it available closer to the date of the event. Just a reminder – this is not a traditional conference; all attendees are expected to contribute and actively participate in the brainstorming and workshop format.
This event sells out every year, if you have not already received an invitation, please go to .thinktank.olliancegroup.com and request an invitation.
Moreover, Andrew’s selection of Sonoma as the venue means that we are in the heartland of Pinot Noir and it is an implicit recognition by Andrew of the superiority of Pinot Noir over Cabernet Sauvignon. I am glad to welcome him to the lovers of the true wine!
We had a great time in Paris at our Third Open Source Think Tank this year! We had over 120 attendees, primarily from Europe http://thinktankeu.olliancegroup.com/index.php.
The two case studies were very different and illuminated the range of the open source market: Airbus and the Danish Government. The Airbus discussion was particularly fascinating as they described a product development cycle of twenty years with a product life cycle of forty years. Software has become critical to their planes, but given these time periods, proprietary software has significant disadvantages: (1) most proprietary software companies are likely to be acquired or go out of business during such a long period and (2) even if the proprietary software company still exists, the technology will be dated and the company may be reluctant to invest in maintaining it. An open source approach overcomes many of these problems.
The Danish Government described their efforts to encourage the use of open source in the government, including developing a forge. They faced many of the same challenges described by the State of California which we discussed at the Open Source think Tank in Napa.
We once again had a great discussion of M&A. This panel was particularly useful for startup CEOs because merger is the exit strategy for over 90% of venture backed startups. The panelists emphasized the need to ensure that the company has clear title to the intellectual property in the product. The failure to do so can result in significant delays and possibly reductions in the purchase price. They also noted that one problem that target companies rarely consider is the negative effect of large potential contract liabilities: the most common problem is unlimited liability for intellectual property infringement. Many acquiring companies will not accept such liability. In one case, the acquiring company structured the transaction as an “asset purchase” rather than a merger (much less favorable from a tax point of view for the acquired company) in order to leave the contract with unlimited liability behind. We also addressed these issues in the legal panel (see our presentation at http://www.scribd.com/doc/40133936/Open-Source-Paris-Think-Tank-2010-Final).
The cloud computing panel was supplemented by a real time poll. The attendees were more optimistic about the effect of cloud computing on the use of open source software than the attendees in the Napa Open Source Think Tank in the Spring. A large majority stated that the advance of cloud computing has not effected the adoption of open source software. Both groups agreed that security was the most significant barrier to the adoption of cloud computing. I am sure that this topic will continue to be important at future Open Source Think Tanks.
After the last presentation, we joined attendees of the Open World Forum for a cocktail party in the Paris City Hall and then had a wonderful dinner on a barge on the Seine. We look forward to seeing you next year.