McAfee Issues Warning Over 'Ambiguous' Open Source Licenses
January 7, 2008 Leave a comment
Looks like the recent Software Freedom Law Center filings may have had some impact on how companies think. From a recent InformationWeek article:
McAfee frequently cautions other companies about the latest bugs and computer viruses, but the security software maker is now warning that its own business could be in jeopardy — not from some form of malware but from the fact that its products rely heavily on open source software.
In its recently published annual report, McAfee warned investors that the “ambiguous” license terms governing the open source software it uses “may result in unanticipated obligations regarding our products.
“To the extent that we use ‘open source’ software, we face risks,” McAfee warned.
McAfee said it’s particularly troubling that the legality of terms included in the GNU/General Public License — the most widely used open source license — have yet to be tested in court.
“Use of GPL software could subject certain portions of our proprietary software to the GPL requirements, which may have adverse effects on our sales of the products incorporating any such software,” McAfee said in the report filed last month with the Securities and Exchange Commission.
Among other things, the GPL requires that manufacturers who in their products use software governed by the license distribute the software’s source code to end users or customers.
This seems like a bit of FUD to me, promulgated by a company worried about its business model. Keep in mind that it’s always an option to not use Open Source code. It seems to me that McAfee wants to enjoy all the benefits that comes with Open Source code, without giving back in any way. The fact that the GPL code is good enough that they want to use it should speak volumes. Just how long would it take them to rewrite all that code? What would the associated costs be? There is no free ride, nor should there be one. The fact is, if more secure operating systems that treat security as a first hand citizen (note, I am not just talking Linux here) become more prevalent, companies like McAfee are in big trouble. I find it interesting that some companies continue to insist that Open Source code and security are in opposition. It should be obvious why peer reviewed code would end up more secure as time goes on.