Slashdot Mirror
Does Using GPL Software Violate Sarbanes-Oxley?
Anonymous Coward writes "eWeek is reporting that The Software Freedom Law Center has published a white paper that dismisses recent publications from embedded systems seller Wasabi Systems. Wasabi recently released statements focusing on alleged GNU General Public License violations in relation to the Sarbanes-Oxley Act of 2002. The white paper, titled "Sarbanes-Oxley and the GPL: No Special Risk," essentially counsels users of the free software license that they have no need to worry."
SOX requires strict change management controls over financial systems. When we went through our audit, the auditing company was mostly concerned with how changes were made to these systems, what management controls were in place to monitor these changes, and the processes that were in place to ensure their integrity. None of the OSS software used in these processes was given a second glance beyond the aforementioned items. As an example, our use of Nessus as one the our tools for network audits and our archive of Nessus scans was applauded.
Just my Experience.
What would use of software have to do with the GPL... The user does not have to accept the terms of the GPL to USE the software...
The phrase "more better" is acceptable English. suck it grammar Nazis
I speak from experience and people can and will use SOX as an excuse for anything and everything. The problem is auditors are now trying to understand technology and they just don't get it.
/etc/shadow hahahahahahhaa.. It's hilarious.
The basics of SOX is that your CEO must sign that the proper controls are in place to ensure that all changes made to production systems that affect the reporting of financial information are approved changes.
Companies can take this to mean that changes to your firewalls, mail servers and webserver need to be logged and monitored with scrutiny. And they will even send "auditors" in to take screenshots of
Realistically it is impossible to be 100% SOX compliant and profitable. This bill will be gone within 5 years and other countries without silly laws like this will prosper in the meantime.
So yes. If there is a not an audit trail in place where someone approves of applying that patch to the linux kernel on all production machines then you are not SOX compliant. Just like if someone doesn't approve installing that critical service pack from microsoft. Without approval and test cases you will fail your SOX audit unless you pay the extortion^H^H^H^H^H^H^H^H^H fee that anderson^H^H^H^H^H^H^H accenture is charging these days.
Yes, let them go wild. It will teach the average "investor" that there is no such thing as a free lunch. You should NEVER put your money into a business that you don't have faith in or trust. If you make it government's job to make people "tell the truth" you'll get lies covered by legal loopholes.
The problem starts with the Fed (Greenspan, Bernanke and their inflationary cycle) that makes money worthless over time so we seek to invest it to at least break even. The problem is made worse by the same inflationary cycle that makes our salaries go up slower than the inflationary cost of living increases (which go up because of the money printing). It goes downhill from there -- the SEC makes investors believe they're protected, which in a free market is a fallacy. You are only protected through contracts, not through law forcing people to act a certain way. Beyond contracts you protect yourself by doing business with people with a history (see eBay's feedback system).
This is all a mess, made worse by people who have faith in others. I have no faith in others except those who have proven their trustworthiness to me. This is why I only invest in businesses I have direct contact with.
I knew the founders of Wasabi Systems, here in NYC. The original "brains" behind the startup, which planned a "Red Hat for NetBSD", got screwed by his lawyer partner in the late 1990s, and left. No surprise to hear their business model is lying about GPL (Linux) in press releases.
--
make install -not war