Fortunately, open source risks are less for state governments than for private sector companies, according to Linda M. Hamel, general counsel, Information Technology Division, Commonwealth of Massachusetts -- who, in September, laid out nine ways to protect state government from the legal risks posed by the use of open source software.
"It is crucial that end-users and developers alike understand the reality of legal implications and patent issues surrounding OS software," says James Gatto, an intellectual property partner in the Northern Virginia office of Pillsbury Winthrop. "However, it is important that people not fall prey to unfounded myths or succumb to the fear, uncertainty and doubt tactics that some people say Microsoft is using."
In October, the Federal Financial Institutions Examination Council (FFIEC), which sets standards for financial institutions, issued guidance regarding the use of open source. The FFIEC members include the Board of Governors of the Federal Reserve System and the Federal Deposit Insurance Corporation, among others.
The FFIEC guidance takes a balanced approach, indicating that the use of open source poses many risks similar to those of proprietary software, but cautions institutions that open source necessitates implementation of "unique risk management practices" due to potential licensing, infringement, indemnification and warranty issues. The FFIEC does not take a "sky is falling" approach. Rather, it advises companies involved with open source to be aware of certain strategic, operational and legal issues and to adopt suitable risk management practices.
A 2004 Forester survey of 140 large North American companies revealed that 46 percent of these companies already are using open source software and another 14 percent plan to do so soon.
"Between Microsoft's posturing and the latest guidance from the FFIEC, it is clear that companies migrating to open source need to tread carefully," Gatto stated. "However, there are a number of strategies and tactics that can mitigate potential liability."
Gatto noted that some unique legal issues arise with open source software but that there are unique benefits as well. The suggestion that users of open source software are more likely to be sued for patent infringement than those that use proprietary software does not appear supported by actual experience.
It is also not correct that open source software can not be patented. Many companies that are involved with open source have significant patent portfolios and have declared that they will use these patents defensively to protect against patent lawsuits. For example, in October, Novell vowed to use its patent portfolio to protect open source software products and voiced its opposition to proposed changes to the European Union software directive that would ease restrictions on software patents. Jeremy Bevan, a Novell VP, added, "there have been various rumors about the possibility of patents in open source technology and what will happen," saying that the company wanted to reassure its customers that "there's no greater risk" with open source than with proprietary technology.
"Any software, whether Open Source or proprietary, is equally eligible for patent protection," Gatto explained. "Companies need to take steps to patent their software to build a patent portfolio in the event they are accused of infringement. This defensive strategy could ward off lawsuits or if sued, create leverage by being able to counter sue."
