September 17, 2007
When Legal Advice Isn't Enough

Last week, ZDNet posted a news item on the Linux Foundation's upcoming Legal Summit.

Having a series of Legal Summits seems like a good idea; however, it seems as though the events are missing the target audience that could most benefit from the information, since the inaugural Summit is restricted to legal folks. Jim Zemlin, executive director of the Linux Foundation, commented in the article, "Many of today's legal conferences unnecessarily scare or confuse open-source users, developers and vendors."

I'm not sure I buy into that statement. If the above-mentioned folks are frightened by what they're hearing, it may be because they feel overwhelmed by the challenge of managing OSS, or they have been ill-informed, or they have no clue what OSS they are using and where they are using it and therefore, are nervous about opening a Pandora's box of IP issues -- which is almost always what happens when you're running blind.

I also think it's true that people are confused by OSS issues, but not because of legal conferences; more likely it is because licensing challenges are extremely complex, diverse and sometimes so vague that legions of legal experts would disagree on their interpretation.

The legal folks targeted for the Linux Foundation's summits are sometimes, but probably not, the users of OSS. More likely they are called upon by their enterprise clients to interpret OSS challenges and legalities, and even then, each legal team will have their own perception of what is and isn't an intellectual property violation. The legal teams might not be experts in BSD license interpretation or GPL2 vs GPL3 forking issues, or even whether or not an artistic license is really a problem.

There are real risks involved with using open source code. Not more risks than proprietary software might present, but unique challenges such as code leakage, IP violations, and the one thing the Legal Summits surely won't cover, OSS vulnerabilities.

Playing down the challenges associated with OSS does a disservice to a great alternative to expensive and complex proprietary software. Having a solid understanding of what the risks of OSS are, and how to effectively manage them, prepares organizations to take advantage of a cost-effective, collaborative and innovative development solution. Best practices for managing OSS use are more in line with what organizations, and legal teams, need to be focused on. Knowing what you have, where you have it, how you're using it, and whether or not it's secure, are important answers to have. Proactive code audits can tell you what you need to know -- before you call the lawyers to help you interpret the findings.

--Melisa LaBancz-Bleasdale