
Some Linux Users Violate Sarbanes-Oxley

CmdrTaco posted more than 8 years ago | from the you-gotta-be-kidding-me dept.

United States 233

Goyuix writes "According to the IT Observer, publicly owned companies who are using Linux could be violating the federal securities laws as part of Sarbanes-Oxley. The article goes on to say that companies are required to "disclose ownership of intellectual property to their shareholders." How are these companies supposed to really list out all the IP owners if they were to install a full desktop or server environment - there could be literally thousands of parties listed! What are the current Fortune 500 companies doing, as many of those use Linux in one form or another?"

Update: Several people have pointed out that this is about companies who are violating the GPL, not everyone.


Not just Linux (4, Insightful)

balster neb (645686) | more than 8 years ago | (#14511957)

It appears that this would apply to any free software, not just Linux. It would apply to at least all GPL'd software, including gcc, etc.

Re:Not just Linux (1, Informative)

Anonymous Coward | more than 8 years ago | (#14511996)

This is only for violations of the GPL, not for just using the software.

Re:Not just Linux (2, Insightful)

tambo (310170) | more than 8 years ago | (#14512429)

This is only for violations of the GPL, not for just using the software.

But I don't know how "violation of the GPL" really connects with "ownership of IP."

From TFA:

"According to the study, the problem lies with the requirements of the Sarbanes-Oxley Act that companies disclose ownership of intellectual property to their shareholders. The study indicates that dozens of companies are discovered each year to have violated the terms of GPL, and if they are public companies, they are violating Sarbanes-Oxley."

Huh? Taking this statement at its face value: A company that receives software under the GPL does not "own" any "IP." They merely have a license to use the IP embedded in the software. Whether or not they violate that license has no bearing on "ownership" of IP... and if they don't "own" any IP in the GPLed software, then they haven't violated Sarbanes-Oxley by failing to "report" any kind of ownership.

"Linux is a powerful operating system," says Jay Michaelson, an author of the study and Wasabi Systems' General Counsel. "But if companies violate the license, the consequences can be more severe than they think. If companies are violating the GPL, they don't have the right to use that software. And if they don't have the right to use the software, they're violating federal law if they claim that they do."

Huh? Last I checked, the GPL was a private license. If they violate a private license in any way, then they are liable for breach of contract, which is in no way "federal law." The only "federal laws" they are violating are federal IP laws - but again, those laws only create private causes of action by the IP owners. License violations do not create liability to the federal government (unless the federal government actually owns the IP.)

As best I can tell from TFA, this gentleman means that companies are modifying GPLed code and then reporting it to shareholders as their "owned" IP - but that this claim of IP "ownership" is incorrect and fraudulent, since their violation of the GPL precludes them from "owning" their modifications. But TFA is way too light on details to be confident of this interpretation... and I'm not completely sure that the GPL works that way, anyway.

- David Stein

Any OS? (2, Insightful)

mattro (464351) | more than 8 years ago | (#14512123)

Have any of you looked at the list of licenses that are included in major packages? In any commercial OS? Pick your favorite app, click Help-About, and many times you'll get a nauseating list of patents, copyrights, and other licenses for technologies that make the app work. If disclosing IP in the apps in an office is required, using OSS isn't going to be any harder to document than trying to find the IP in some commercial product.

Re:Not just Linux (2, Funny)

HugePedlar (900427) | more than 8 years ago | (#14512208)

Indeed - why does linux have a monopoly on IP?

How are these companies supposed to really list out all the IP owners...

Well, start with 192.168.0.1 and work your way up I suppose.

Re:Not just Linux (0)

Anonymous Coward | more than 8 years ago | (#14512329)

192.168.x.x (and 10.x.x.x, 127.??? (not sure on the mask for this one)) is not owned by anyone.

For the other IP just run a script calling /usr/bin/whois for each address.

Oh the humanity!

The difference between Linux and Windows. (0)

Anonymous Coward | more than 8 years ago | (#14512299)

The reason Linux is at risk and Windows isn't is that Windows is so primitive that there is no meaningful IP in Windows.

More seriously - Just because you get Windows from Microsoft doesn't mean that all the IP in Windows is from Microsoft. At least with Linux it would be possible to track down the original sources of the IP.

If that is indeed required for Sarbanes Oxley, then it would be *Impossible* to comply using Windows because Microsoft'll never tell you where all the IP contained in it came from.

Re:Not just Linux (3, Interesting)

tobiathan (946741) | more than 8 years ago | (#14512305)

As one who has had the sad misfortune of suffering through a few SOX audits, it is more about how the auditors choose to interpret and apply the regulations, and less about the regulations themselves.

There is also the argument about what constitutes a "material" defect or weakness. Unless someone is running the backbone of their financial system on Linux or other sw covered under GPL, this is probably not relevant as it would not be considered material to the integrity of their financial data.

Ownership != utilization (4, Insightful)

SIGALRM (784769) | more than 8 years ago | (#14511962)

companies are required to "disclose ownership of intellectual property to their shareholders." How are these companies supposed to really list out all the IP owners if they were to install a full desktop or server environment - there could be literally thousands of parties listed!
There's a big difference between ownership and utilization. For example, if McDonalds employs the use of WinXP workstations in their facilities, that does not mean that they own, but instead license Microsoft's IP.

Re:Ownership != utilization (1)

Mike Markley (9536) | more than 8 years ago | (#14512005)

Yes, and the article itself says that the risk is if the company is VIOLATING the GPL. The submitter read only the IT Observer headline before submitting this, or didn't understand the article.

Re:Ownership != utilization (0)

Anonymous Coward | more than 8 years ago | (#14512036)

Regardless, GP makes a valid point. You can't be penalized for not disclosing ownership of IP that you don't really own.

Re:Ownership != utilization (1)

AltGrendel (175092) | more than 8 years ago | (#14512019)

Agreed!

This whole thing is a Red Herring, just another spin on the FUD wheel.

Re:Ownership != utilization (5, Interesting)

bedroll (806612) | more than 8 years ago | (#14512056)

There's a big difference between ownership and utilization. For example, if McDonalds employs the use of WinXP workstations in their facilities, that does not mean that they own, but instead license Microsoft's IP.

I completely agree. Just to expand on that, it should also be noted that the GPL does not transfer ownership of IP unto you, it merely gives you license to modify and reuse it. A company would then have to disclose their IP after they changed that code.

Reading the article, it appears that the author is a little confused. The second sentence talks about violating the GPL. You don't violate the GPL by simply using Linux. So maybe the real issue is with companies that release GPLed software without proper attribution and GPL compliance, but that's not the way the article reads.

Re:Ownership != utilization (1)

bedroll (806612) | more than 8 years ago | (#14512101)

but that's not the way the article reads.

Actually, the article does read that way. Oops.

Re:Ownership != utilization (1)

SilverspurG (844751) | more than 8 years ago | (#14512196)

A company would then have to disclose their IP after they changed that code.
Only to people who have licensed their product. There's no requirement that they put their changes out in the open for everyone.

Re:Ownership != utilization (2, Interesting)

Firehed (942385) | more than 8 years ago | (#14512233)

Can't this just be as simple as "We use/have modified the xxx distribution of Linux. If you want to know everything and anything about it, here's Google/a link to a site that has every Linux contributor ever. And if you want to know how it works and exactly who wrote what line of code, here's the source code."

In any case, do shareholders actually care? Maybe I'm not thinking about this hard enough, but I honestly doubt it. As long as the company they own a share of isn't doing anything distinctly illegal (last I knew, using free software wasn't, but IP laws are getting really weird), I doubt whether most people care whether they're using Redhat or Mandrake as long as they're still a profitable company.

Re:Ownership != utilization (1)

John Hasler (414242) | more than 8 years ago | (#14512397)

> Can't this just be as simple as "We use/have modified the xxx
> distribution of Linux. If you want to know everything and anything
> about it, here's Google/a link to a site that has every Linux
> contributor ever.

That is far in excess of what they would need to do. They don't need to say anything at all about mere use or unmodified distribution as that does not give them ownership of any "IP". If they make modifications a brief description of the program modified and the modifications they made would suffice. There is no need for them to go on about who else contributed. If the value of their contribution is small I doubt that they are required to reveal it at all.

Re:Ownership != utilization (2, Interesting)

Anonymous Coward | more than 8 years ago | (#14512275)

For example, if McDonalds employs the use of WinXP workstations in their facilities, that does not mean that they own, but instead license Microsoft's IP.

Actually, they do own the physical media, and they own a copy of the software. The EULA restricts what McD can do with the software.

However, McDonalds does not own the copyright on windows XP. If they did own the copyright, McD would have to disclose that they own the copyright, because the copyright to windows XP is worth quite a bit of money - it is a significant asset.

Re:Ownership != utilization (1)

bedroll (806612) | more than 8 years ago | (#14512389)

Actually, they do own the physical media, and they own a copy of the software.

Read his post again. He never mentions anything of the media. He only mentions IP, which is the blanket term for copyrights and patents, and I think they bundle trademarks in there too.

This makes no sense. (1, Interesting)

afeinberg (9848) | more than 8 years ago | (#14511964)

Responsibility for this should rest with the Linux vendors. Companies can disclose their Linux distributions as packaged by [insert vendor here], the vendor should be able to easily see who wrote what by an examination of source code and README files.

Re:This makes no sense. (0)

Anonymous Coward | more than 8 years ago | (#14512301)

As pretty as that sounds, SOX makes no such distinction!

Re:This makes no sense. (1)

kadathseeker (937789) | more than 8 years ago | (#14512402)

Responsibility for this should rest with the Linux vendors

BitTorrent?

Re:This makes no sense. (1)

bemenaker (852000) | more than 8 years ago | (#14512443)

I don't think that is what the article said. The article is referring to companies that violate the GPL, and when they do that, they are violating SOX.

Unless I am totally missing something here.

Is ownership relevant? (2, Interesting)

QuantumFTL (197300) | more than 8 years ago | (#14511969)

As long as something has been licensed under GPL, the owner cannot assert additional restrictions, or revoke the license - therefore how is the owner relevant to the stockholders, if no such change can take place?

What's the point? (1)

lunk (80231) | more than 8 years ago | (#14511978)

The shareholders already have the exact same rights to the software as the company that is using them. Does this topic really make any point that isn't just an academic exercise? I think that the entire company can disclose their open source intellectual property rights with a single all encompassing word, Everyone.

Can't violate the GPLv2 if all you do is use Linux (2, Insightful)

Anonymous Coward | more than 8 years ago | (#14511979)

You have to distribute Linux outside of your organization in violation of the terms of the GPLv2 in order to have any licensing problems with Linux.

Mere use of Linux by a company cannot ever be a violation of the GPLv2 that Linux is licensed under.

This is FUD issued by a company that wants you to buy their BSD based embedded OS product.

Re:Can't violate the GPLv2 if all you do is use Li (1)

GigsVT (208848) | more than 8 years ago | (#14512181)

Modification can also trigger copyright protections. The FSF has said they don't care about modifications that you don't distribute, but legally the GPL does apply to you if you merely modify without distributing, since it is the only license that grants you rights that you would not normally have under copyright law.

Re:Can't violate the GPLv2 if all you do is use Li (1)

MntlChaos (602380) | more than 8 years ago | (#14512342)

right, but you only have to provide source code to others who you distribute to.

Re:Can't violate the GPLv2 if all you do is use Li (1)

GigsVT (208848) | more than 8 years ago | (#14512418)

Correct. While you may indeed trigger the GPL with mere modification, it doesn't have many practical implications.... yet at least.

If GPLv3 includes some stuff about using GPL code in a server-side capacity of a network application, you won't have to comply with any of that stuff unless you modify the app, then you would have to comply with the GPL in those regards even if you weren't distributing the app itself.

Re:Can't violate the GPLv2 if all you do is use Li (1)

Krach42 (227798) | more than 8 years ago | (#14512407)

Mere use of Linux by a company cannot ever be a violation of the GPLv2 that Linux is licensed under.

It can if you violated the GPL, and thus made your license void. That's what TFA is talking about.

All the comments are wildly confusing, and go figure, the summary sucks, but TFA makes it clear that for a public company violation of the GPL invalidates their license, and makes the issue not just copyright infringement, but a securities violation.

This wouldn't be any different than saying "by installing one copy of Windows on two separate machines you break your license, and thus it becomes a securities violation."

Re:Can't violate the GPLv2 if all you do is use Li (1)

GigsVT (208848) | more than 8 years ago | (#14512478)

The GPL doesn't grant you use rights. You got those if the person that distributed it to you complied with the GPL.

Even if you violated the GPL, mere use would still be legal. You don't need the GPL to have the right to use the software, only to have the right to modify, copy, or distribute the software.

wait a minute... (0)

Anonymous Coward | more than 8 years ago | (#14511981)

companies aren't doing what they're supposed to be doing???

Doesn't sound like news to me...

Reminds me this of (0, Offtopic)

recoiledsnake (879048) | more than 8 years ago | (#14511983)

Might Linux Violate Sarbanes-Oxley. yoda talk day today on slashdot is it?

Re:Reminds me this of (0)

Anonymous Coward | more than 8 years ago | (#14512046)

I can understand your confusion, as this is well-formed grammar, and thus not familiar to most slashdotters. "Might Linux Violate Sarbanes-Oxley?" is the question form. You are thinking, most likely, of the statement, "Linux Might Violate Sarbanes-Oxley." You could, in theory, simply place a question mark after this form and it would constitute a question, but the article title is clearer.

explain to me again (3, Insightful)

blackcoot (124938) | more than 8 years ago | (#14511984)

how exactly using linux in violation of the gpl is a violation of sarbanes oxley? the article does an awful lot of handwaving but doesn't actually explain any of the hows or whys.

i'll have to read again, but it looks like this is f/oss trying its hand at the fud game.

Re:explain to me again (1)

Clived (106409) | more than 8 years ago | (#14512339)

I agree with you completely. I am in the process of bringing myself up to speed as a SOX consultant, and Section 404 which deals with internal controls leaves it up to the company in question to implement IT control processes to safeguard financial data stored on the servers. Such control processes include but are not limited to patch management, password management, server identification by platform, etc. The act does not highlight these processes specifically but insists on control processes which are relevant to any organization in the normal course of their business process. I fail to see how Linux usage would violate SOX requirements. www.sarbanes-oxley-101.com has more information on the subject.

Re:explain to me again (1)

nacturation (646836) | more than 8 years ago | (#14512357)

how exactly using linux in violation of the gpl is a violation of sarbanes oxley? the article does an awful lot of handwaving but doesn't actually explain any of the hows or whys. i'll have to read again, but it looks like this is f/oss trying its hand at the fud game.

Possibly. People here rail when the DMCA or Patriot act gets applied to situations where the law wasn't intended to apply. Is this a stab at using SOX regulation as the stick to enforce unrelated laws? Violating the GPL is license infringement, much in the same way that downloading most MP3s on P2P is copyright infringement. There's a lot of precedent to enforcing license agreements and/or copyright law such that SOX compliance shouldn't even play a role.
 

GPL violators are at risk (5, Informative)

crumley (12964) | more than 8 years ago | (#14511994)

The synopsis above is misleading. It is GPL violators, not simply GPL users who are at risk. From the article:
"Linux is a powerful operating system," says Jay Michaelson, an author of the study and Wasabi Systems' General Counsel. "But if companies violate the license, the consequences can be more severe than they think. If companies are violating the GPL, they don't have the right to use that software. And if they don't have the right to use the software, they're violating federal law if they claim that they do."

Re: GPL violators are at risk (1)

Black Parrot (19622) | more than 8 years ago | (#14512175)

> The synopsis above is misleading. It is GPL violators, not simply GPL users who are at risk. From the article:
"Linux is a powerful operating system," says Jay Michaelson, an author of the study and Wasabi Systems' General Counsel. "But if companies violate the license, the consequences can be more severe than they think. If companies are violating the GPL, they don't have the right to use that software. And if they don't have the right to use the software, they're violating federal law if they claim that they do."
Which, if correct, means they're also in violation of the act if they have any unlicensed software of any type. (Which, I suspect, means every company on the planet.)

Also, the text of the act [legalarchiver.org] doesn't seem to contain the phrase "intellectual property".

Re:GPL violators are at risk (1)

meringuoid (568297) | more than 8 years ago | (#14512255)

If companies are violating the GPL, they don't have the right to use that software.

Yes they do. The right they do not have is to redistribute the software. Accept the GPL, reject the GPL, wipe your arse with it while shouting hosannas to Bill Gates' name if you like, you can still use Linux and the like.

The GPL is a licence setting out conditions under which you can redistribute software to others, and incorporate it into your own products - which would ordinarily be a copyright violation. As far as I can tell, however, it says not one word about actually using the software itself.

Re:GPL violators are at risk (1)

John Hasler (414242) | more than 8 years ago | (#14512460)

> As far as I can tell, however, it says not one word about actually
> using the software itself.

It says this:

      Activities other than copying, distribution and modification are
      not covered by this License; they are outside its scope. The act
      of running the Program is not restricted, and the output from the
      Program is covered only if its contents constitute a work based
      on the Program

Thus as long as you only use GPL software the license has nothing to do with you.

Re:GPL violators are at risk (1)

ajs (35943) | more than 8 years ago | (#14512292)

Ah, but this too falls down. The GPL does not govern use, it governs distribution. In fact it is titled,
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
Note the lack of the word "use" in that title.

You do not violate the GPL by modifying software covered by it. You do not violate the GPL by using that modified software (even if you fail to ship those changes to anyone who asks). You do not violate the GPL by doing a great many things, as long as you don't distribute it. Once you try to distribute it, then you have to either a) do so within the constraints of copyright law and fair use doctrine (very hard to do with software) or b) accept the terms of the GPL.

Re:GPL violators are at risk (1)

Lodragandraoidh (639696) | more than 8 years ago | (#14512319)

IANAL

The GPL doesn't say 'any and all' GPL'd software use is revoked if you violate the license for a particular program; your rights to copy, modify and distribute just the software that is being violated are revoked. The license furthermore states that use of the program is not covered under the GPL. That makes a big difference - and is not nearly as big a problem for businesses as the original headline indicated - particularly where use is concerned.

So, if I (as a business) screw up and modify GPL'd program called 'gnome' and include it in my latest super-widget - without attribution, and other requirements of the license - that does not mean I have to stop using Linux or unmodified 'gnome' --- it just revokes my right to copy, modify and distribute my modified version of 'gnome'. That is how I read the license.

I think this article is going a bit off the deep end.

IANAL

Re:GPL violators are at risk (1)

masterLoki (825962) | more than 8 years ago | (#14512345)

How exactly are they violating GPL?

Re:GPL violators are at risk (1)

level_headed_midwest (888889) | more than 8 years ago | (#14512354)

How about we form a GPL Software Alliance and carry on like the BSA does?

What article did the OP read? (4, Informative)

mattbelcher (519012) | more than 8 years ago | (#14511997)

Did the OP even read the article he submitted? It says that if a company violates the GPL, that this might also be a violation of Sarbanes-Oxley if they claim that they still have a right to use Linux despite the GPL violation. There is nothing about listing the IP holders. On an aside, I didn't think there was any violation to the GPL that could stop you from being able to use Linux. A GPL violation would make you lose your right to distribute it, right?

Re:What article did the OP read? (4, Informative)

Hope Thelps (322083) | more than 8 years ago | (#14512104)

There is nothing about listing the IP holders.

Yes there is. The article says:
According to the study, the problem lies with the requirements of the Sarbanes-Oxley Act that companies disclose ownership of intellectual property to their shareholders.

It does go on to say:
The study indicates that dozens of companies are discovered each year to have violated the terms of GPL, and if they are public companies, they are violating Sarbanes-Oxley.

But that doesn't negate the first statement and the article never explains the connection between the two statements.

Re:What article did the OP read? (1)

DrkShadow (72055) | more than 8 years ago | (#14512251)

It feels like the only real way to violate the GPL is to distribute GPL software without distributing the source/copyright notice. In this violation, it is most likely that the companies would be using the GPL software source code in their own projects, but stating that they own the code or not giving the credit due to the original author.

-DrkShadow

Re:What article did the OP read? (1)

criscooil (653395) | more than 8 years ago | (#14512317)

I didn't think there was any violation to the GPL that could stop you from being able to use Linux.
You're right AFAIK, but in the FA, it seems clear (to me) that the author is using the word "use" for distribution, specifically in embedded systems.

Re:What article did the OP read? (2, Informative)

Krach42 (227798) | more than 8 years ago | (#14512433)

On an aside, I didn't think there was any violation to the GPL that could stop you from being able to use Linux. A GPL violation would make you lose your right to distribute it, right?

By violating the GPL, you invalidate your license. Considering that the code is only offered under the GPL, if you invalidate your license, then you have no permission to use it at all. Distribute, or use, because you just simply don't have a license anymore.

What are the Fortune 500 doing? (3, Insightful)

Syberghost (10557) | more than 8 years ago | (#14511998)

We're using Linux and treating it just like we do Solaris, HP-UX, and Windows, where we also can't identify everybody who wrote the OS.

The auditors don't seem to be having a problem with it. Wonder how much Microsoft paid IT Observer for that FUD?

Re:What are the Fortune 500 doing? (1)

hyc (241590) | more than 8 years ago | (#14512074)

Indeed. The article really makes no sense, someone would have to look up the specific clause in Sarbanes-Oxley they're referring to. Does the law require companies to disclose who the IP owners are of all the IP that a company uses? (That would be insane. I have no idea who owns patent #314159265 on the dinner fork I just used in the cafeteria, why should I even care?)

Re:What are the Fortune 500 doing? (1)

GigsVT (208848) | more than 8 years ago | (#14512155)

Wonder how much Microsoft paid IT Observer for that FUD?

They didn't. See my other posts. Wasabi systems is a BSD vendor with a strong bias against the GPL.

Re:What are the Fortune 500 doing? (1)

SilverspurG (844751) | more than 8 years ago | (#14512239)

That doesn't mean that MS isn't funding Wasabi through some investment broker and encouraging them to use the freer-than-free BSD license to try and bog down the GPL machine which has started to actually mean something in the marketplace.

Seriously. Would anyone even know if the VC firm working with Wasabi was owned primarily by big MS shareholders? For many years I've wanted to see a mapping of social connections for the leading industry giants.

Mod this up (1)

Linus Sixpack (709619) | more than 8 years ago | (#14512216)

I don't see any further exposure or problem. Companies using Linux have the right to use linux just like they have the right to use something they bought. Linux has contributors who have a copyright relationship with distributions of Linux and those who write software based on their work.

Guess what. Microsoft has contributors who have a copyright relationship with distributions of Windows and those who wrote software based on their work.

Considering the terms for Linux are more generous not less and don't affect end users anyway how is this something for companies to worry about? This is a canard!

Cut out the middle man! (1)

Black Parrot (19622) | more than 8 years ago | (#14512234)

Re:Cut out the middle man! (1)

HotNeedleOfInquiry (598897) | more than 8 years ago | (#14512280)

Good catch Parrot. Thanks.

Did you actually read the article (1)

rminsk (831757) | more than 8 years ago | (#14511999)

"The study indicates that dozens of companies are discovered each year to have violated the terms of GPL, and if they are public companies, they are violating Sarbanes-Oxley" So only if they are violating the GPL could they be in violation of Sarbanes-Oxley. Just using linux does not put you in violation.

Tough choice. (1)

GodHead (101109) | more than 8 years ago | (#14512003)

spend an hour rounding up names and posting some code on a webserver *OR* completely re-write all the OSS code.

I have to wonder which companies will choose.

Read the article right before submitting! (1, Redundant)

Spy der Mann (805235) | more than 8 years ago | (#14512008)

"The study indicates that dozens of companies are discovered each year to have violated the terms of GPL, and if they are public companies, they are violating Sarbanes-Oxley."

This applies only to GPL VIOLATORS.

Move along, move along.

Why companies go with commercial distros... (1)

rkhalloran (136467) | more than 8 years ago | (#14512010)

I suppose if they "rolled their own" they might have to spell out where all the components came from, but going with Red Hat, Novell, Mandriva, etc. lets them point a finger over-there for both support and compliance issues.

Publicly available information? (1)

bombshelter13 (786671) | more than 8 years ago | (#14512011)

How much should they be required to do if the information in question is already publicly available and relatively easy to access? If a company is using Red Hat and wants to know who owns Red Hat and a shareholder wants to know who owns Red Hat it is very easy for the shareholder to find this information on the internet. If they want to know the owner of an individual component piece of open source code, the code's stated owner should be in the comments (the source is available, right?), shouldn't it?

Re:Publicly available information? (1)

_Hiro_ (151911) | more than 8 years ago | (#14512258)

Hence why it's only GPL violators who fall afoul of the law.

Since they're not including source in re-distributed GPL code, the IP ownership isn't being reported properly.

This is not different (0)

Anonymous Coward | more than 8 years ago | (#14512013)

This is not different from ANY kind of equipment. There are patents used in your chair. In your screwdriver. In your lightbulb. I don't see why software should be special in this regard.

Oh, and can you provide a list of all patents that are used in MS Windows?

Pure FUD (1)

elfguy (22889) | more than 8 years ago | (#14512014)

This is pure nonsense. Every software program has various parts owned by various companies and individuals unknown to the user. Windows itself has hundreds of parts licensed from various other companies over time that Microsoft paid for and which we have no idea. The difference with Linux is we can look at the source and we know everything, with closed software we cannot. If anything, using open source is the right thing to do here, and using closed software is not possible if you want to comply to this law, so all companies should dump closed software right away.

I knew this was a Microsoft plan!!!! (0, Offtopic)

Tsunayoshi (789351) | more than 8 years ago | (#14512016)

Damn, I wonder if Microsoft backed the SOX act in order to get this very outcome...I mean, if companies are unable to run linux because of IP disclosures, then Microsoft would rule the corporate world, because we all know that the other option, Solaris, is doomed since Sun will disappear any time now, and Macs are only for fanboyz.

I knew I should have bought that Microsoft stock....

Research (1)

schlichte (885306) | more than 8 years ago | (#14512017)

"published by Wasabi Systems."

WASABI!!!!! [google.com]

Re:Research (0)

Anonymous Coward | more than 8 years ago | (#14512142)

god is it just me or are the 800K's really that unfunny?

Uhm... (1)

Black Parrot (19622) | more than 8 years ago | (#14512021)

Do companies know who all the IP owners for other operating systems are? And application software? And computer and communications hardware? All this stuff includes components licensed from third (or higher) parties.

this is why digg is nipping at your heels (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#14512030)

moronic postings like this, equating product use with ip ownership.

irrelevant (0)

Anonymous Coward | more than 8 years ago | (#14512032)

Do you list all the IP holders for your corporate phone system, your company car (lots of SW and computer goodies there), the company who owns the font your yearly statements are printed on?

What a stupid misleading article (1, Insightful)

molarmass192 (608071) | more than 8 years ago | (#14512037)

From TnotFA:

"But if companies violate the license, the consequences can be more severe than they think. If companies are violating the GPL, they don't have the right to use that software. And if they don't have the right to use the software, they're violating federal law if they claim that they do."

Well no poop? So they're saying that violating the GPL is like violating an EULA ... wow ... stop the presses!!! The GPL is eeeeeeeevil!!! Morons.

Re:What a stupid misleading article (1)

Lodragandraoidh (639696) | more than 8 years ago | (#14512406)

GPL does not cover USE.

morons/agreed!

It's just whining (1)

bas.westerbaan (917678) | more than 8 years ago | (#14512039)

IMHO this is just whining.

If people eventually really do make a problem about it you could hack your package manager to print out the author, or if not available a URL to the website containing author information.

Although I wonder whether it would be useful to know all the authors of the linux kernel for instance.

If it is free, then you 'own' it (1)

digitaldc (879047) | more than 8 years ago | (#14512040)

"According to the study, the problem lies with the requirements of the Sarbanes-Oxley Act that companies disclose ownership of intellectual property to their shareholders. The study indicates that dozens of companies are discovered each year to have violated the terms of GPL, and if they are public companies, they are violating Sarbanes-Oxley."

If you are given something for free, then you own it - do you not? The solution is to have anyone using it say that they are the 'owners,' being respectful to the creators of the software, of course.
Either that or they need to change the regulations to allow the lawful use of free software.

On a side note, Sarbanes-Oxley is a huge headache....THANKS ENRON!

Article Title Misleading (5, Informative)

hattig (47930) | more than 8 years ago | (#14512044)

Instead of "Might Linux Violate Sarbanes-Oxley?" which it doesn't, it should be "Non-compliance to terms of GPL might violate Sarbanes-Oxley".

Which makes sense.

I.e., if you claim to have the right to use Linux for your product, but you aren't complying with the license, you might be violating Sarbanes-Oxley.

Simple (1)

jgardn (539054) | more than 8 years ago | (#14512049)

Even if they are required to do as you say and list the owners of all the software they use, this is easily handled.

Add a field for ownership on each software package in RPM or DEB format. A good distro that wants to support the corporate environment will go through each package and list the owners in that field, not to mention upstream providers who package their own content. Then run a script on any installed computer to list the owners.

This will result in thousands and thousands of names and such. But it will satisfy the requirement.

If the companies are violating the law, then they will be given a warning and given time to comply, just like if they file the wrong forms or if they report something that isn't quite correct.
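
One way to produce the owner list this comment describes, as an added example that is not part of the original post: instead of a new package field, it assumes the packages ship Debian machine-readable (DEP-5) copyright files under /usr/share/doc/<pkg>/copyright. The package names, holders and file contents below are constructed sample data.

```python
"""Aggregate copyright holders and licences from Debian machine-readable
(DEP-5) copyright files. All sample data below is constructed."""
from collections import defaultdict

# Constructed sample: package name -> contents of /usr/share/doc/<pkg>/copyright
SAMPLE = {
    "examplepkg": """\
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: examplepkg

Files: *
Copyright: 2001-2005 Alice Example <alice@example.org>
           2003 Example Corp
License: GPL-2+

Files: lib/compat/*
Copyright: 1999 Bob Sample
License: BSD-3-clause
""",
    "otherpkg": """\
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/

Files: *
Copyright: 2003 Example Corp
License: GPL-2+
 This program is free software (licence text continues here).
""",
}

def parse_paragraphs(text):
    """Split a DEP-5 file into paragraphs of {field: [value lines]}."""
    paragraphs, current, field = [], {}, None
    for line in text.splitlines():
        if not line.strip():                     # blank line ends a paragraph
            if current:
                paragraphs.append(current)
            current, field = {}, None
        elif line[0] in " \t":                   # continuation of previous field
            if field:
                current[field].append(line.strip())
        elif ":" in line:
            field, value = line.split(":", 1)
            current[field] = [value.strip()]
    if current:
        paragraphs.append(current)
    return paragraphs

def inventory(copyright_files):
    """Return {(holder statement, licence short name): sorted package list}."""
    report = defaultdict(set)
    for pkg, text in copyright_files.items():
        for para in parse_paragraphs(text):
            if "Files" not in para:              # header or stand-alone licence text
                continue
            licence = para.get("License", ["unknown"])[0] or "unknown"
            for holder in para.get("Copyright", ["unknown"]):
                if holder:
                    report[(holder, licence)].add(pkg)
    return {k: sorted(v) for k, v in report.items()}

if __name__ == "__main__":
    for (holder, licence), pkgs in sorted(inventory(SAMPLE).items()):
        print(f"{licence:14} {holder:45} {', '.join(pkgs)}")
```

Packages whose copyright file is free-form rather than machine-readable yield no Files paragraphs here and would still need manual review.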

Wasabi Systems? (2, Insightful)

GigsVT (208848) | more than 8 years ago | (#14512052)

according to a research published by Wasabi Systems.

The same Wasabi Systems that sells products based on NetBSD?

Yeah, no bias there.

In the past, such violators were merely required to release their code to the public

The article is also wrong in that it spreads the "forced open source" myth. GPL violators aren't required to release their source code. The FSF generally asks them to stop infringing on the copyright of the GPL software.

One way to do that is to comply with the GPL, another is to stop using GPL software. They don't have to release any code they don't want to.

Re:Wasabi Systems? (1)

GigsVT (208848) | more than 8 years ago | (#14512071)

Oh I found a choice quote from Wasabi's main site:

"Wasabi Certified BSD, a certified, tested, and optimized version of the BSD operating system, offers the rich functionality of BSD Unix without Linux's troublesome GPL License."

Hah, come on now.

TFA was talking about GPL violations (1)

Secrity (742221) | more than 8 years ago | (#14512055)

TFA was talking about Sarbanes-Oxley problems that could occur when a company distributes software in violation of the GPL. TFA wasn't talking about companies that use or distribute GPL'ed software in compliance with the license.

GPL Violation == Sarbanes Oxley Violation (3, Insightful)

panda (10044) | more than 8 years ago | (#14512058)

I think a lot of folks here have missed the point. The article's author is making an intellectual exercise in asking out loud and in public if companies that violate the GPL in their software are not also violating Sarbanes-Oxley.

This is because they are required to list what intellectual property the company owns to shareholders and if it is later found out that the company doesn't really own it, because it is based on a GPL'd software, then is that a Sarbanes-Oxley violation.

I'd have to say, it looks like one, but I'm no MBA, nor a JD.

I am a SOX IT auditor (4, Informative)

kalpol (714519) | more than 8 years ago | (#14512084)

Rather new at it, it's true, but so far if we find a company has a problem of this sort, it's generally not a very big deal especially if they rectify it before their fiscal year ends. This is just one little piece of the huge SOX pie and often there are other controls in place that mitigate the effect of a finding anyway. Now if the company practiced systemic licensing violations then that's a different matter.

Re:I am a SOX IT auditor (1)

kalpol (714519) | more than 8 years ago | (#14512148)

I should say, 'systemic licensing violations that affect their financial reporting'. SOX is there just to make sure the financial reports are complete and accurate.

This is weird (0)

Anonymous Coward | more than 8 years ago | (#14512103)

You don't really own software nowadays, you just buy a license that lets you use it. Since everyone has the ability to use free software, wouldn't by that same logic mean that they would all have to list it as their IP whether or not they use it? Wow, IP is such a stupid term...

Poor headline (3, Informative)

shogarth (668598) | more than 8 years ago | (#14512110)

Come on people, let's pay attention to the article. Contrary to the poster's headline, nothing in it even hints that using Linux would violate Sarb-Ox. Sarb-Ox is supposed to make investing a bit safer by forcing companies to audit their practices and disclose potential problems.

If someone is building products on GPL code (like, say broadband router/NAT boxes based on Linux) then they are supposed to disclose that tidbit to their investors. The important part is that they don't own all of the intellectual property for that product and investors should know since that could change the company's value. If they fail to disclose the data, then they have violated Sarb-Ox.

Applause (0)

Anonymous Coward | more than 8 years ago | (#14512371)

Thanks, Thanks, Thanks!!!
Eventually someone figured out what the article is about. I wonder why so many (excuse me, but it is appropriate here) stupid comments were written before. I don't think it is really difficult to figure it out. :)

Re:Poor headline (3, Informative)

georgewilliamherbert (211790) | more than 8 years ago | (#14512512)

Right. The source article at http://www.wasabisystems.com/gpl/ [wasabisystems.com] is not intended to discourage the use of GPL software; it's a not-so-subtle slam on some of Wasabi's competitors who are using Linux (with the GPL) in embedded systems and possibly not properly disclosing the IP issues to their investors. That might be a SOX violation, yes. But doesn't matter to Joe Linux User on the street. They aren't claiming there's anything wrong at the user end; just at the distributor end, if you improperly distribute modified Linux (or other GPL) products and don't release the source. In this, RMS and the Free Software Foundation agree. Wasabi is correct that their use of a Berkeley license makes their operations safer that way. But it also doesn't make a difference to a Linux-using vendor if the vendor obeys the GPL as the GPL requires...

Huh? (2, Interesting)

booch (4157) | more than 8 years ago | (#14512120)

Does he really think that Microsoft owns all the "intellectual property" in Windows? They sub-license a ton of stuff. For example, IE was based on licensed code from Spyglass. The "About" panel for IE also lists NCSA, UIUC, RSA, Independent JPEG Group, Intel, and Mainsoft. And that's just a single program within the OS. And what about all the submarine patents on the stuff in Windows? How about all the copyrighted stuff in all the malware that's probably running on some of their Windows systems? How about the BSD copyright on the TCP/IP code used by Windows? How are companies expected to find all that information?

I think the problem may be that the author of TFA hasn't a clue what he's talking about. I suspect that the law says that companies have to disclose what "intellectual property" they own, not what they use. Or perhaps I'm mistaken, and it's Congress that hasn't a clue; that's a distinct possibility. But even then, I'm sure it would follow the spirit of the law to worry about what the company owns, instead of what they use.

No - some Linux *Modifiers* violate Sarbanes-Oxley (1)

ardle (523599) | more than 8 years ago | (#14512133)

The article states - although not in its misleading headline (repeated as a misleading headline for this topic) - that, in short, if a company is violating the GPL it is violating Sarbanes-Oxley and hence committing a federal offence (of course, I don't have any idea what Sarbanes-Oxley is :-). The only bad news I can see in the article is the headline - which is erroneous.

On a side note, I'm not sure how easy it is to unwittingly violate the GPL these days, so the article is cutting GPL violators quite a bit of slack!

A few lines (1)

RichMan (8097) | more than 8 years ago | (#14512141)

Dull Disclosure of Dependencies:

We use the following systems under the legal licenses listed.
We are not aware of any violations of the agreements by the companies and constantly monitor employees to ensure no laws or licenses are violated.

Pencils - Federal Copyright laws
Xerox copy machine - Federal Copyright Laws
Windows XP - Vendor License. Updated monthly, hard copy stored in vault. 3 interns manage the database and 2 lawyers on retainer to review.
Linux - GPL. 2 pages attached.

Wasabi is a Bad BSD Vendor (2, Insightful)

puppetluva (46903) | more than 8 years ago | (#14512189)

Basically, this is FUD from a BSD vendor who wants to hurt linux and promote BSD by Fudding the GPL.

Although started by some really bright netBSD folks, they've ejected all of their really bright founding engineers and are resorting to scare-tactics and other garbage like this to try to gain market share.

Stupid tricks like this hurt free software in general. I hope Wasabi garners enough ill-will from this stunt to hurt their business in a serious way.

Technicality! /usr/src/linux/CREDITS (1)

redelm (54142) | more than 8 years ago | (#14512246)

If SOx says to name, then name'em: cat /usr/src/linux/CREDITS >>SOx_report.

The same can be done for all the system components, although I'd just guess many will simply name RedHat.

A little misunderstanding (0)

Anonymous Coward | more than 8 years ago | (#14512283)

"Ownership" of IP means exactly that. If I am a company that produces software, I own the IP of that software, GPL or not. If another company uses that software, they don't "own" it, and therefore don't have anything that needs to be disclosed.

The point is to prevent companies from hiding potentially valuable but unexploited assets from shareholders - not to give an inventory of every piece of software they bought.

I had to document OSS licenses, it's not impossible (1)

wsanders (114993) | more than 8 years ago | (#14512290)

It is a slanderous urban legend that the license terms for OSS are impossible to enumerate. They are hard to find sometimes, and if you really want to be thorough about it you need to just give up and buy a supported OS.

But all the licenses you are likely to encounter are listed here:

http://www.opensource.org/licenses/ [opensource.org]

And once you have those the risks with "unlicensed" or "non-GPL" compliant software aren't any greater than any other OS.

Survey says, "Black Duck" (1)

sweetser (148397) | more than 8 years ago | (#14512324)

There is software to look through all the source code a company claims to own, http://blackducksoftware.com./ [blackducksoftware.com.] I'd rather have software do it than have to look by hand.

Great news! (2, Interesting)

drasfr (219085) | more than 8 years ago | (#14512327)

That is great news...

Take the example of a random company, let's say... Linksys, a publicly traded company, owned by Cisco.

They release an appliance with Linux in it... They don't release the source code. It is GPL. They are in violation of Sarbanes-Oxley. It's a big deal if this is discovered, could put them into trouble. It is probably the best way to force a company to comply with the GPL.

Now it is too bad it only applies to publicly traded companies...

Re:Great news! (0)

Anonymous Coward | more than 8 years ago | (#14512508)

Or an even better way to get a company to completely stop using Linux or other GPL infected software...

Why not sue the companies that violate the GPL? (1)

level_headed_midwest (888889) | more than 8 years ago | (#14512331)

Why don't the people who wrote the GPLed software sue the companies that are in violation of it for a lot of money? As it is right now, parties use GPL code as their own with about no repercussions, such as First4Internet did in its XCP rootkit. If OSS is even going to be taken as seriously by everybody, the OSS programmers need to sue infringement like Microsoft or SCO do.

Let the SEC do all the work (1)

Dachannien (617929) | more than 8 years ago | (#14512454)

This gives the FSF and other copyright holders who license their work under the GPL an easy way to make claims against offenders. Let the SEC bust a company under Sarbanes-Oxley, and then when they get a conviction or a settlement, swoop in and file a claim against the company citing the criminal case for most of your evidence.

Missing the bigger picture (3, Insightful)

davidsyes (765062) | more than 8 years ago | (#14512543)

I think a lot of people are missing the bigger picture by not asking the question:

"WHAT is the main reason and who are the authors behind the SOX wording" about this disclosure requirement.

It COULD be a specious attempt by lobbyists on the part of their supporters to FORCE the companies using GPL/FLOSS/Linux to disclose themselves so that ms and their henchmen can start targeting the companies that (public or private) are using Linux/free/free software. It has the 'beneficial' effect of causing their competitiveness or chance of success to be diminished or at least perceived as rogue, reckless, uninformed...

Moreover, it indirectly helps ms by causing the commercial (non- or anti-Linux/GPL/FLOSS) companies/developers to target and entice those companies 'back into' the fold if they have escaped or managed to get one foot out of the field.

This isn't to say that employees don't talk. Of course employees talk, whether complaining or bragging about their companies. BUT, by forcing companies to list that they are anti-ms or unwilling to be 100% in ms' farm, then the shareholders who WANT to be in ms' fold (for stock/portfolio reasons) just MIGHT call for the necks of the IT managers.

Just one jaded/cynical/scary thought...

Anyone else can add to or refine my ideas here...