I went to a breakfast seminar run by Pinsent Masons (aka Out-Law) in Edinburgh this morning. I noticed Royal Bank of Scotland badges, as well as the usual suspects: public bodies, other consultants and developers (some not even in suits!). In fact, the seminar was apparently the best attended they’ve had for a long while, or so claimed John Salmon, the partner introducing the event.
Anyway, back to the main point, which is to get my notes down, starting with the central message:
Evaluating risks is key to choice between Open Source and proprietary software
I guess if you’re going to do IPR, you should do it right. And you need to do IPR: the talk covered enough new ground on IPR protection and risk management to make it worthwhile getting up at 7am for.
Quotes are from OUT-LAW Breakfast Seminar: Open Source software, Spring 2006
From what was said, it sounds like the most (potentially) confusing area is patents. There are many arguments against software patents, but they exist and are enforced, particularly in the USA, so businesses have to take account of them.
There is no case law on the use of copyright law in the enforcement of Open Source software (OSS) in the UK:
UK copyright law favours the individual author and does not easily adapt to a situation where there are hundreds of collaborators in a single work.
On the other hand, the GPL has been shown to be enforceable in Germany.
Another complication specific to the UK: If the Unfair Contract Terms Act or the Sale of Goods Act are relevant, some of the exclusions in OS licences might not be enforceable.
The business perspective
With OSS, the risks can be divided between two scenarios:
Organisation considering using OSS
The issues revolve around warranties. Firstly of suitability for purpose and service levels generally – these are often explicitly excluded even by proprietary software.
The second area is unique to OSS applications: there is no-one to guarantee the user against unexpected royalty demands or claims for breaches of copyright – for instance from the likes of SCO.
Thus there is possibly a need for buying an indemnity – as sold by Red Hat and other large consultancies. I’m not sure if they are available through insurance companies.
Organisation developing software for resale
Even the GPL allows internally developed software to be kept in-house, but there is business risk in inadvertently infecting in-house commercial code with the GPL. The recommended approach is:
- logging of the use of externally developed software
- a software policy that specifies what licenses are acceptable and procedures for managing infection by copyleft applications
Of course, if the business is itself developing OSS code, there is no problem.
(1) most (all?) OS software repositories such as Savannah or Sourceforge are sited in the USA and (2) the USA is the country that does software patents on the largest scale (though they also exist in Europe). Since an independently developed application can inadvertently breach a patent, it leaves users of OSS in a potentially vulnerable position.
I wonder if the risks from US litigation are higher if you’re using an OSS application hosted on a US site? Maybe that’s an argument for the use of the EUPL and a European-based repository?
Oh yes – good bacon rolls by the way!