One disturbing trend is the posting of FOSS modules without licenses. Simon Phipps focused on this problem in his recent blog, particularly on the problems raised by the terms of service at Github. James Governor, the founder of analyst Red Monk, is quoted by Simon as stating: “”younger devs today are about POSS - Post open source software. f*** the license and governance, just commit to github” http://www.infoworld.com/d/open-source-software/github-needs-take-open-source-seriously-208046. Ironically, this approach will undercut the major desire of most FOSS developers: the broad use of their code. The lack of a license ensures that the software will be removed from any product meant to be used by corporations. Corporations are very sensitive about ensuring that all software that they use or which is incorporated in their products is properly licensed. I have worked on hundreds of FOSS analysis and the response to software without a clear license is almost always “rip it out”.
One other consequence not mentioned by Simon is that the failure to include a license also means the developer (and distributor) have potential liability in the United States under Article II of the Uniform Commercial Code (“UCC”). Article II of the UCC provides that if certain warranties are not “disclaimed” then the distributor (“seller” in UCC language) automatically gives those warranties. These warranties are disclaimed in all FOSS licenses, generally in capital letters and are the source of the provisions using obscure terms such as “merchantability” and “fitness for a particular purpose”. The developer would be liable for these warranties: merchantability (the product is of average quality in the trade), fit for a particular purpose (if the developer or distributor knows of the use by the licensee, then the software will be fit for such purpose) and indemnity (an indemnity for intellectual property infringement such as copyrights and patents). And if such warranties are breached the developer would be liable for “consequential damages” which includes lost profits. While it is unlikely that such suit would be brought, the potential liability for the developer will continue.
The use of the Android operating system continues to grow. Gartner recently reported that Android had become the leading operating smartphone operating system in the world in the first quarter of 2011. http://www.computerworld.com/s/article/9216848/Gartner_Android_and_Apple_win_big_globally_in_Q1. Android grew from 9.6% to 36% of the market in the last year. Its lead over smartphones running Symbian is now almost 10 million units per quarter. During the first quarter of 2011, manufacturers distributed 36.3 million smartphones running Android while only 27.6 million smartphones running Symbian were distributed.
Yet Android continues to be a very complicated product from a licensing point of view http://lawandlifesiliconvalley.com/blog/?p=635. Peter Vescuso of Black Duck and I worked to provide a summary of the issues in managing licenses in software development based on the Android operating system http://www.law.com/jsp/lawtechnologynews/PubArticleLTN.jsp?id=1202495469387 . I have included a more detailed legal perspective http://www.law.com/jsp/lawtechnologynews/PubArticleLTN.jsp?id=1202495473435.
My French partner, Sandrine Rambaud, brought to my attention a decision dated December 29, 2010, that leveled the playing field for open source vendors: the Administrative Court of Lille, France cancelled a public procurement procedure because the procedure excluded the possibility of proposing open source software in bid responses. Instead, the municipalities that put out the bid expressly required bidders to propose an Oracle database and Business Objects environments for the generation of reports.
The French company, Nexedi, which offers open source solutions, alleged that the tendering of the public procurement under such terms does not comply with the principles of equal treatment and non-discrimination, and in particular with Article 6 of the French Public Procurement Code. Article 6 provides that technical specifications included in a public bid cannot include the reference to a trademark or a patent, as such reference could favor or exclude some bidders or products. Such reference is only possible in very specific cases.
Nexedi challenged the validity of such procedure before the Administrative Court of Lille, which ruled to cancel the procedure. This decision is great news for open source companies and open procurement!
The Sixth Annual Spring Open Source Think Tank has now been scheduled on April 7th to 9th at the Sonoma Mission Inn in Sonoma. The Spring Think Tank is one of my favorite events because I get to spend time with the most interesting people in open source and discuss the future of the industry in one of the most beautiful areas of the world. By limiting attendees to CEOs, industry luminaries, CIO/CTOs, senior technology executives, legal experts and investors, we assure a lively and informed discussion (and a great opportunity to network with your peers).
We will be using our experience at the successful Fall Think Tank in Paris to add more real-world business cases to the agenda. Selected case studies will focus on the growing commercial maturity and complexity of open source and the evolution of cloud computing and SaaS. We are working on the agenda and will make it available closer to the date of the event. Just a reminder – this is not a traditional conference; all attendees are expected to contribute and actively participate in the brainstorming and workshop format.
This event sells out every year, if you have not already received an invitation, please go to .thinktank.olliancegroup.com and request an invitation.
Moreover, Andrew’s selection of Sonoma as the venue means that we are in the heartland of Pinot Noir and it is an implicit recognition by Andrew of the superiority of Pinot Noir over Cabernet Sauvignon. I am glad to welcome him to the lovers of the true wine!
When Microsoft contributed drivers to Linux to GPLv2, my reaction (and the general reaction in the community) was that “hell had frozen over” and to bring out the skates http://www.microsoft.com/presspass/features/2009/Jul09/07-20LinuxQA.mspx. Several recent reports suggest that these contributions were not voluntary and Microsoft had included GPLv2 licensed code in these drivers http://linux-network-plumber.blogspot.com/2009/07/congratulations-microsoft.html (Steve Hemminger of Vyatta) and http://www.kroah.com/log/linux/microsoft-linux-hyper-v-drivers.html (Greg Kroah-Hartman of Novell).
I view this contribution as valuable even if legal concerns drove it. I think that Microsoft acted as a responsible member of the community which is the behavior that we want to encourage. They could have simply rewritten the code to remove the open source components. I am under no illusion that Microsoft has suddenly turned into a complete supporter of open source (and for clarity, neither I nor my law firm represents them). However, Microsoft’s engagement with the open source community is going to be a gradual one and will have fits and starts. Microsoft is still fundamentally based on a proprietary model and has that mind set. They can change and should be encouraged to change. I hope that these revelations will not result in an attack on Microsoft for not being “truly” committed to the open source community. We should, instead, encourage them to continue to be involved.
This situation is a warning to companies that they need to have an open source policy and a process for managing their work with the open source software. See my earlier post, http://lawandlifesiliconvalley.com/blog/?p=107.
In fact, I think that the Microsoft press announcement bears further scrutiny, In addition to the announcement of the contribution, Sam Ramji mentions several ways in which Microsoft is implementing open source in their business strategy. This increased use of open source by Microsoft should be encouraged.
The most recent Black Duck survey of the use of open source licenses reveals some very interesting trends. http://www.marketwatch.com/story/gplv3-licenses-quadruple-in-2009-but-gpl-projects-drop-by-five-percent-from-2008-levels.
First, GPLv3, the first revision to GPLv2 in twenty years, is increasing in adoption: it is now the fifth most common license, passing Mozilla, MIT and Apache. However, many large and important projects such as Linux, Hibernate and JBoss have chosen to remain with GPLv2. According to Black Duck, GPLv3 is growing at four times the rate of last year. GPLv3 is used on 9500 projects. These numbers reflect both decisions by new projects as well as existing projects. However, the decision to remain with GPLv2 has more than strategic dimension: large existing projects need to deal with the practical issues. For example, Linux has over 10,000 contributors and a shift to GPLv3 would require permission from each one of them (or rewriting the code) because Linus Torvalds licensed Linux under a “locked down” version of GPLv2. GPLv2 ,by its terms, permits any recipient of GPLv2 licensed software to shift to a newer version of the General Public License unless the licensor chooses to “lock down” the General Public License to a particular version. However, even projects which are not “locked down” need to carefully consider this move because the terms of GPLv2 and GPLv3 are inconsistant and a shift to GPLv3 would “fork” the project.
Second, Black Duck notes that the use of GPL license variants declined by 5%. I have not seen this shift in my practice (which is more focused on companies with commercial interests), but I think that it may reflect the greater number of projects being made available by universities (and some corporateions) who are interested in ensuring the widest possible usage and, thus, pick a permissive license like BSD or Apache. Matt Asay has an interesting perspective on this issue http://news.cnet.com/8301-13505_3-10276903-16.html?tag=mncol;title. I don’t agree with him that the licenses are irrelevant, but I do agree that data is a new source of value. Ironically, data is very difficult to protect under the US legal regime since its protection under copyright is limited.
I am surprised that we have not seen a greater growth in the use of the Affero General Public License v3. This license is the GPLv3 with a “network use” provision. Essentially, the license broadens the situation in which the GPLv3 obligations (making source code available and right to modify etc) are imposed from distribution (GPLv3) to include making the software available over a network. As we move into a more web centric world, I think that projects (and companies) which are trying to achieve the GPLv3 level of a “commons” need to consider AGPL. However, I will note that for many prospective licensees, the scope of AGPL is very troubling and there is a reluctance to license software using the AGPL software. For more information about aligning your business strategy and your intellectual property and licensing strategy, you can see by OSBC presentation at http://www.slideshare.net/markradcliffe/ip-and-licensing-strategy-for-open-source-companies
The Black Duck survey continues to provide very useful information about how the industry is evolving.
After a busy year end, I have time to reflect about the last year and developments in open source. I was particularly interested in the cascade of articles and comments about how the “Open Source” business model is broken started by Stuart Cohen’s article in Business Week on December 1. http://www.businessweek.com/technology/content/nov2008/tc20081130_276152.htm. I believe that Stuart is just wrong. I think that Charles Babcock got it right in his blog responding to Stuart. http://www.informationweek.com/blog/main/archives/2008/12/open_source_bus.html?cid=RSSfeed_IWK_ALL.
From my point of view, Charles’ most important point is that “open source” is not a business model, it is a means of developing and distributing software. And 451 Group makes a similar point in their report on open source business models (which actually pre dated Stuart’s article). http://www.the451group.com/caos/caos_detail.php?icid=694. I represent over fifteen open source startups (as well as large companies developing open source software) and they have a variety of ways of making money on open source software, ranging from “dual” distribution to support for proprietary additions. Marten Mickos in his keynote at OSBC in 2007 noted thirteen different ”open source” business models. http://akamai.infoworld.com/weblog/openresource/archives/OSBC2007%20-%20Marten%20Mickos%20Keynote.pdf. Second, “open source” cannot be a single business model because it spans a wide variety of different products: the business models for application software are quite different from infrastructure software. Third, most of the companies that I represent use a mix of business models, such as dual distribution and SAAS. In fact, even the “dual” distribution model has two forms: the newer model in which the company distributes a commercial version which has additional functions compared to the open source version and the older model in which the open source and the commercial version are the same. While the characteristics of “open source” development have strong similarities across different types of products, the business models are likely to quite different and will continue to evolve.
The open source community also owes Charles Babcock (and his colleagues at InformationWeek) a vote of thanks for the Analytics report “Open Source Enterprise: Its Time Has Come, And the Price is Right.” It provides an excellent summary of the state of open source software in the enterprise, with plenty of specific examples. However, I think that the most interesting part of the report is “What Happens After the Acquisition”. This section describes the challenges faced in the integration of open source companies into larger companies. The nature of open source companies and their communities requires a different approach from traditional acquisitions. In particular, the acquiring companies need to consider carefully the effect on the open source companies employees and their community when modifying the business model. As more open source companies are acquired by traditional software companies, these issues will take on increasing importance. Both sides need to understand that such an integration will require flexibility.
I think that 2009 will be a very interesting year for open source!
The DLA Piper 2008 Technology Leaders Forecast Survey found that the use of open source software, while widespread, remains misunderstood. The Survey found that software companies used open source software in 65% of their products, as compared with use of open source software in 55% of the products of all technology companies. This number drops to 29% of the products when all respondents are included. However, only 48% of these companies have an open source use policy (software companies were more likely to have an open source use policy).
Smaller companies, those with fewer than 1000 employees, used open source software in almost half of their products (44%), yet 35% of these companies do not have open source use policies. Larger companies, those with more than 5,000 employees, reported use of open source software in only 9% of their products and 65% do not have open source use policies. I find that this number for use of open source software among large companies is strikingly low.
I think that the survey reflects a continued misunderstanding among large companies about how widespread is the use of open source software.The failure to have an open source use policy is very dangerous in the world of complicated “hybrid” products: open source licenses do not mix well with commercial licenses without careful analysis. http://lawandlifesiliconvalley.com/blog/?p=18. The risk is particularly high now because the financial downturn means that licensors will be carefully reviewing compliance with license terms to try to find new sources of revenue. For additional thoughts on this issue, you can see my interview. http://www.youtube.com/watch?v=MsZKWFmT0qs&eurl=http://www.dlatechlaw.com/search?updated-max=2008-10-21T13%3A46%3A00-04%3A00&max-results=7