Many of today’s hottest new enterprise technologies – IoT, Healthcare, AI – are centered on open-source technology. The free and open source software movement has moved well out of grassroots into mainstream – and license compliance issues and enforcement have followed.
Until recently, most open source noncompliance cases were pursued by nonprofit entities such as Software Freedom Conservancy, gpl-violations.org or the individual project owners. Compliance disputes were typically resolved without outside government legal processes. However, as open source becomes more widely used, disputes involving private parties have increased.
Many of these lawsuits are centered on the non-compliant use of copyleft licenses in proprietary software without sharing source code.
CoKinetic Systems vs. Panasonic Avionics
Earlier this year, CoKinetic Systems sued Panasonic Avionics for over $100 million.
Panasonic Avionics is a hardware manufacturer and market leader in in-flight entertainment and communication solutions. CoKinetic Systems is a software producer in the same space and a competitor to Panasonic Avionics. The lawsuit claims that Panasonic has violated the GPL license, in addition to employing other monopolizing tactics for in-flight entertainment and communication.
Panasonic's in-flight entertainment hardware uses a Linux-based operating system distributed under the General Public License. The GPL requires software that is linked together to be made open source under the same GPL license.
Panasonic allegedly refused to distribute the source code for its operating system, and by doing this, blocked its competitors (including CoKinetic) from having the ability to develop software for the in-flight entertainment hardware. CoKinetic claims that this is a willful violation of the GPL v2 License, and that Panasonic is a willful infringer of the copyrights of thousands of software developers that have contributed to Linux.
Using Open Source Unfairly?
This is another example of a lawsuit between competitors where open source non-compliance plays a central role. Non-compliant usage of third-party content may put you on the hook for an anti-competitive lawsuit. Typically, more than 50% of a software product is composed of third-party/open source content. At the same time, companies find that their license compliance is less than 5%. This common act of legal non-compliance gives an opening to B2B breach of contract or similar lawsuits when deals go bad.
It remains to be seen if the companies settle out of court, like many prior license violation cases. As enforcement activities increase, what should you do to avoid an accidental violation?
Start Managing Open Source Risk
- Educate at all levels of the organization about open source and proprietary license compliance
- Set and implement processes and policies to manage third-party components
- Invest in a complete Software Composition Analysis (SCA) platform to discover and manage the open source and third-party content you are using
A formal OSS strategy enables growing teams to balance business benefits and risk management. Here are some good questions to ask your teams to determine risk and get started on the road to compliance.