Slashdot Mirror


McAfee Worried Over "Ambiguous" Open Source Licenses

willdavid writes to tell us InformationWeek is reporting that McAfee, in their annual report, has warned investors that "ambiguous" open source licenses "may result in unanticipated obligations regarding [McAfee] products." "McAfee said it's particularly troubling that the legality of terms included in the GNU/General Public License -- the most widely used open source license -- have yet to be tested in court. 'Use of GPL software could subject certain portions of our proprietary software to the GPL requirements, which may have adverse effects on our sales of the products incorporating any such software,' McAfee said in the report filed last month with the Securities and Exchange Commission. Among other things, the GPL requires that manufacturers who in their products use software governed by the license distribute the software's source code to end users or customers. Some manufacturers have voiced concerns that the requirement could leave important security or copyright protection features in their products open to tampering."

8 of 315 comments

  1. What's the problem? by zebslash · Score: 5, Insightful

    Don't want to be bound to the terms of the GPL? Don't use GPL code!
    Just another piece of FUD.

  2. Fine. by palegray.net · Score: 4, Insightful

    If you're worried about "uncertainties" with respect to any software license, don't include code in your application that might cause those licensing terms to apply to it. End of story.

  3. just lazy companies. by bark · Score: 5, Insightful

    There is no free lunch. These manufacturers are seeing the "gold mine" open source software as a way to do less work. Well, you've got to comply with the terms of the license if you distribute it. No 2 ways about it.

  4. Re:I don't get it by Broken+Toys · Score: 5, Insightful

    "McAfee's warning may have been prompted by the fact the Software Freedom Law Center, an open source advocacy group, recently filed a series of lawsuits against alleged GPL violators."

    The article isn't very clear on this point but it sounds like McAfee is almost admitting they violated the GPL and are about to end up in court.

  5. Re:I don't get it by unlametheweak · Score: 4, Insightful

    The article talks more about lawsuits regarding GPL license violations than it does about security issues.

    Much security software is already open-source: encryption, firewall, virus scan, etc. The fact is that there is no inherent security problem with GPL software. McAfee just appears to have a problem with the licensing.

    Yes, it seems like they would like to have their open source cake and eat it too.

  6. Re:I don't get it by unlametheweak · Score: 5, Insightful

    Yes. And to correct the article, they aren't really worried that having to release code may "leave ... products open to tampering", but rather, people might find blatantly obvious bugs or omissions with how they "protect" your computer. And then profit from it, either by writing rootkits or whatever that bypass their "protection" or by suing them when they are infected by these rootkits. I would suspect that it would be easier to run automated programs for finding buffer over-runs, etc, rather than phishing through thousands of lines of code looking for a non-obvious vulnerability (anybody who has ever coded knows that ALL coding mistakes are non-obvious... as soon as they press the compile button :P).

    By their logic it would be trivial to hack into a Linux computer because it is open-source, and next to impossible to hack into a Microsoft computer.

  7. Re:Lone programmer, against company policy by Anonymous Coward · Score: 4, Insightful

    You are seriously mistaken. You are assuming that it is company policy to inappropriately incorporate GPL'd code. It may be against policy but a programmer may get lazy and do it on his own. Then when that's identified, they have to remove the code, if necessary pulling the product. Or comply with whatever license the copyright holder is prepared to grant them. This is EXACTLY the same position as if the lazy programmer had infringed on a previous employer's code, or on leaked Microsoft code or... any other copyright infringement at all.

    Their best bet is to tighten up on their recruitment and code review processes. That would certainly beat complaining that it MAY turn out that some of their employees may be breaking various laws and that if they are then the victims may be gosh darned unreasonable about it.

  8. Re:I don't get it by HangingChad · Score: 5, Insightful

    Do their own graft, write their own damn software, and stop freeloading off the community.

    What kind of leftie, tree-hugging nonsense is that? Expecting corporations to accept responsibility when there is shareholder value to consider, quarterly numbers to make and fat bonuses to earn.

    Accountability...I can't believe such a radical concept will ever fly. The American corporate way is to have our cake, eat it too and expense the bill as entertainment.

    --
    That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage