Slashdot Mirror
Management 'Scared' by Open Source
A discussion panel at EclipseCon exposed how managers are freaking out over open source. Apparently a disconnect exists between managers who set corporate open source policies and developers supposed to follow them, but who end up covering their tracks to make it seem like they are not using open source. Developers, though, end up using open source because of its ubiquity and not using it 'puts them at a competitive disadvantage because their competitors are.' And the Lawyers are in a panic.
When big enough companies use [or acquire companies that use] my software, I usually get a call from a manager or legal dept. Turns out big companies are not only scared of OSS but also public domain software. The idea that I give out something for anyone to use without license seems to scare them.
:-)
It's like a fiver you leave on a bus for anyone to have, people are always skeptical if they can in fact take it.
On the plus side, it's fun explaining the public domain to folk
Tom
Someday, I'll have a real sig.
Along the lines of #1, most folk I meet are fearful of the license issues in terms of "do we owe royalties or something?" Where I work, we use my public domain OSS projects, but we also use others (openssl, swan, the kernel, etc) and we have to be careful of how we distribute things. Fortunately, most of it is in source form which alleviates GPL/LGPL issues. But it's always in the back of our minds.
Tom
Someday, I'll have a real sig.
I had a problem with the BSD three clause license once. If you every read commercial software documentation, there is usually a section full of advertising clauses for contributed software. But no, management deemed this not acceptable. Of course there was no time either to remove the BSD code, so we just left it there.
:-). The only solution is to be careful with what you ship, period.
On the other hand the leaking of GPL code is a reasonable concern. It happens all to often with common software such as MySQL. And you here statements such as "but if we use Perl, we are not linking against the MySQL code", which are dubious at best. Or "if the customer downloads the library himself, we are not responsible".
Of course banning open source is not the solution. Actually most commercial software packages have some content of open source code (Windows has the BSD network stack, Matlab has BLAS, Adobe uses the JPEG library...). And even if you ban all open source software, you can still violate the license of a commercial package
Managers are under the mistaken impression that if i just use spring or Jakarta Commons, the company MUST open up the whole project in which it is used (like a proprietrary trading system) to Open Source.
Use how? What if one of the engineers needs a snippet of code, copies it from Spring, and incorporates it into their product without attribution? Suddenly, that company is legally vulnerable.
You only need to open up if and when you modify Spring framework with your own code
No, that is not correct - the Spring framework does not require you to distribute your changes. You just proved the point: licensing mistakes are easy to make. If you were developing a program that incorporated Spring, and mistakenly believed that it required you to license your source, you would cost your company a great deal of money by doing so. That is why the fear is legitimate.
Open source hacks is another fear they have: the fear that somehow using open source tools will make their client sue them.
And that's a reasonable fear. If I sell code that violates a license to a client, that client becomes legally vulnerable and might sue me. Because open source software is so accessible, it becomes easier to inadvertently violate a license.
Leak Back: Managers fear developers, in their zeal to promote open source, will incorporate company's code into open source for 'benefitting' others.
I doubt very much that's a concern. No developer is going to risk their job for open source warm fuzzies, and conversely, no open source project is going to accept leaked patches. Any project that did would open itself up to huge legal liability. Corporate espionage and bribery is a much bigger worry.
You mentioned maturity, but I think you have it backwards - corporations have developed strict, mature processes for keeping themselves on firm legal footing, and licenses are reviewed and vetted by the legal teams. The wide availability of license-encumbered code means that engineers have the opportunity to play lawyer. That's bad, and if you're a manager, you should be scared by that.
I believe that another important fear is that of disempowerment. Open source is usually free of charge, which means that their budgets and thus their importance decreases. Also, there is no need for developers and IT staff to go to their superiors to ask and beg in the first place. They can just download, evaluate and use free software right away.
Free software is also not advertised unlike commercial products, which means that managers can't even communciate, what is going on, to their kin.
Compare: "I recently negotiated a licencing deal with <known software company> for <known software product>, which i deemed to be the best solution because of <list of buzzwords>"
To: "Well, my IT guys implemented a working system on their own, using some software I can't pronounce and really don't understand."
How is that semantics? I thought that was the whole point - PHB's are afraid of having to release all or part of their precious proprietary software. But that's not what happened with Linksys/Cisco and the WRT54G routers. It was a striped down Linux distro. Ok, they had to put it together, perhaps write some shell scripts. I'm not sure where the web interface came from. But did they have to release any super-secret proprietary source code? I doubt it.
So really, has there been any actual cases of a manager's worst nightmare, the scenario that Microsoft has been FUD'ing us with for years - having to "open source" their internally developed software because a developer in some way used Open Source Software? That's what I'm after. And I don't believe it's ever happened. It's just FUD but the managers don't know any better.
There's a big difference between using openoffice, and altering open office and trying to sell it to someone else as a product. If the developers and management can't understand that, then there are other issues. Of course there are a couple issues with packages like MySQL, where simply calling the API can require you to open source your product, but that's just something the company has be aware of. I don't think dealing with open source licences is any more difficult than dealing with the closed source licenses that Microsoft et al give you with their product.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
This makes perfect sense though. Business want a paper trail that they can go back on if problems arise later. You may now say "no license is required...it's public domain". But what if 5 years from now, you decide to sue them for copyright infringement? How do they defend themselves without the paper trail? From a legal perspective, it's an order of magnitude easier to go back to the license and show that you're not infringing than to try to prove that your software used to be in the public domain 5 years ago.
Another problem with open source software is that patent liability is placed on the user of the software, not the creator. The SCO/IBM lawsuit shows that. License a piece of Microsoft software, and the patent trolls go after Microsoft. Use a piece of open source software created by Ted in his garage, and the patent trolls go after you.
IBM is VERY strict with open source now. Nobody is allowed to use open source or public domain code in their projects unless it's gone through a very rigorous screening method to make sure there isn't any copyrighted code in there. And they provide a 'whitelist' of software that has been prescreened and is allowed to be used by developers. This list is rather small though. It requires alot of effort to remain safe from a legal perspective, and I doubt that few companies outside of IBM have the resources or expertise to do it.
It's true I tell you, feller at work's next door neighbour read it in the paper.