GPL Violations: Learning the Hard Way

The GNU General Public License (GPL) is a copyleft license that requires developers to keep source code open and under the GPL. Software under an open source license is, most likely, used and re-used quite often. Given that, the potential for violations certainly exists. And, yes, they do happen.

A possible case in point: it was revealed just days ago that another GPL infringement may have occurred, this one by Symantec. Linux was discovered in the Norton Core Router product. However, the company may not have released the router’s source code.

Yes, it may be 2018, but non-compliance remains a concern. Given the breakthroughs and advancements in the IoT, AI, mobile technology, and Fintech—to name a few—compliance should continue to rise to the top of the priority list for security, developer, and legal teams.

What to Look For

In light of this most recent potential violation, companies need to be aware that embedded and IoT devices are based on Linux, and they need to pay attention to the copyleft and source distribution requirements. A device that, for instance, has a power cord, a Wi-Fi antenna or an Ethernet cable is almost certainly based on Linux and, therefore, requires the appropriate open source disclosures and distributions. Often the device itself will advertise its operating system.

Development and/or product teams should expect to comply with the GPL. If, as a Team Lead or Manager, you recognize that your team is building a Linux-based product, take the legal requirements of source code use seriously. Accept that understanding those requirements involves a process and, however time-consuming it is, dedicate the resources to ensure 100% compliance:

  • Focus on compliance during the appliance, product or application build
  • Educate your development team on the specifics of open source and commercial license compliance
  • Give teams the tools needed for Open Source management, monitoring, and scanning

It is better to put forth the effort before product release than after, when it is potentially costly in time, legal fees and reputation.

Manage Your Open Source Risk

Invest in an open source management platform. Develop a formal OSS strategy, policy and process that empowers growing organizations to balance the business benefits with the right amount of risk management.

Getting this right the first time—and every time after—makes you a market leader.