The SCO Group Inc.'s multibillion dollar lawsuit against IBM, Red Hat Inc. and commercial Linux users may be without...
merit, but it has served to elevate the issue of intellectual property in the consciousness of developers and enterprise decision makers with open source software in-house.
On the eve of the LinuxWorld Conference & Expo, which is the biggest annual gathering of Linux talent and sellers, talk of IP, copyrights and patents -- once relegated to an afterthought -- figures to be foremost for debate.
Most in the community agree, however, that it's unlikely there are many IP cases in the wings and are confident with the integrity of the development process.
"Open Source as a whole or as a development methodology is certainly not at risk. Even in the SCO case, the only issue is possibly a few lines of Linux kernel code, not the millions of lines of application level code (standard utilities, GUI utilities, etc.) that run on top of the kernel," said Arnold Robbins, author of Linux Programming By Example: The Fundamentals. "I think in two years we'll look back at this and laugh. At least, I certainly hope we will. If SCO by some chance wins their case, it'll speak volumes about the sad, degenerate nature of the U.S. justice system."
The Linux community has been proactive about securing the validity of code contributions going forward. Linus Torvalds introduced in May the Developer's Certificate of Origin which requires contributors to certify their code is original, or it will not be considered for inclusion in the kernel.
"We are at the beginning of a very steep learning curve. The issue has been identified and we will learn how to better manage the software development process to minimize these risks," said Karen Faulds Copenhaver, executive vice president and general counsel of Black Duck Software. "Open source is a permanent and welcome part of the infrastructure. It presents some new challenges -- but it also presents enormous opportunity. We are a very creative culture and we are very good at recognizing and capitalizing on opportunities."
Companies like Black Duck and Open Source Risk Management, meanwhile, have seized the opportunity to create a business around defending open source from IP challenges. Vendors like Novell, Hewlett-Packard and Red Hat have also offered their customers some sort of protection, either in the form of indemnification or warrant services.
Meanwhile, experts suggest developers and enterprises continue to be proactive about their open source contributions and use.
Copenhaver said developers have three choices: file a patent; protect the idea as a trade secret and hope that no one else files a patent; or disclose the invention so that no one else can get a patent.
"Open source proponents would obviously choose to disclose the invention so that it is part of the prior art considered by the patent office when it is reviewing a patent application for novelty," Copenhaver said. "Small companies without sufficient financial resources to file a lot of patent applications should think carefully about the value of a patent on a significant invention both in terms of protecting their products and in terms of trading value to get rights that they need under patents owned by others. If the company chooses not to pursue patent protection, they should consider the fact that someone else might get a patent on their invention if they keep it confidential."
Author and Linux expert Steve Shah urges developers and enterprises to document every step of the design phase.
"Spell out your design, spell out your algorithms, spell out everything. Make them available on the Web and if you're really paranoid, get them notarized. Put dates on all your design work. A letter to the USPTO showing that you have prior art in excess of one year before the filing date of a patent will pretty much kill a patent," Shah said. "If you do get a cease and desist letter, look for other violators, especially big companies. It's worth trying to make some noise about other violators that have bigger lawyer budgets than the person who sent the cease and desist."