New platform protects open source customers from infringement
Open source software is often available free of charge, but it can also come with tricky and potentially costly licensing, trademark, and patent restrictions. Today, one company announced a platform to help customers protect themselves from these open source pitfalls.
There are two types of IP violations that open source software customers might unintentionally commit. They can infringe upon the software vendor's patents or trademarks, which are still enforceable even if the software has an open source license, and even if it's distributed for free. Or they can disobey the terms of their licenses, often by redistributing altered programs without also supplying customers with the source code.
In the category of trademark and patent regulations, lawsuits by SCO against IBM, and by Firestar Software against Red Hat, have garnered a lot of legal costs and a garbage dump full of publicity.
In an effort to give customers added protection against any intellectual property violations, OpenLogic today introduced a major upgrade to its OLEX Enterprise Edition platform for its software-as-a-service (SaaS) downloads.
OpenLogic provides free downloads of about 300 certified open source packages from its Web site, said Kim Weins, the company's senior VP of marketing, in an interview with BetaNews. But last November, OpenLogic rolled out a subscription-based Enterprise Edition incorporating some IP safeguards.
However, Weins contended, open source developers and advocacy groups are also taking action around violations of open source licensing agreements, and some of this activity is resulting in out-of-court financial settlements.
For example, the Free Software Foundation's GNU General Public License (GPL) requires developers who distribute GPL-licensed software to also distribute any modifications or custom code added to the package. "So if you don't want to distribute your custom code, maybe you don't want to use GPL software," she illustrated.
The FSF has by now sent out about 50 action letters to users around open source licensing issues, according to Weins. To settle these actions, companies must often agree to appoint an internal "open source compliance officer," she said.
"And typically, there is some sort of monetary settlement, [although] they don't always announce that."
Essentially, OpenLogic's OLEX EE is targeted at companies in industries where downloads and customization of open source software are becoming commonplace, such as financial services, telecommunications, health care, and retail. Companies subscribing to EE are provided with their own private areas on the OpenLogic Web site. "You can think of this as sort of a Salesforce.com model," Weins told BetaNews.
The first version of EE, introduced last fall, included some protections against IP violations, such as a workflow process and audit path that an organization's software engineers can use to gain approval from internal IT and business managers and legal staff to download a specific open source package.
But the new upgrade offers three new types of protections. Customers can now define "white lists" of open source packages that are automatically allowable for download by their employees, as well as "black lists" of software that is automatically banned and "grey lists" where internal approvals will be required on a case-by-case basis.
Beyond that, enforcement of companies' open source download policies is now integrated into the OpenLogic software libraries, preventing any downloads that are internally prohibited.
Also new in the upgrade is a "cascading policies" feature meant to assure that a company's open source policies are applied not just to a "primary software package," but also to any open source software that might be bundled along with the primary package.
This capability can be used even if the bundled open source packages use different open source licenses than each other, or than the primary software package, according to Weins.
Annual subscription pricing for EE ranges from about $100 to "several hundred dollars" per seat, depending on volume, the senior VP said. Ordinarily, organizations only purchase seats for software engineers, IT and business managers, and legal staff involved in the open source download process.
In conducting return-on-investment studies with customers, OpenLogic has pinpointed customer savings of 20% to 70% for the use of EE versus proprietary software, she said.
Most of that savings stems from lowered software costs, she acknowledged. But customers are also spared investments in hardware servers for running and managing the software.
Weins told BetaNews that OpenLogic is not charging any more for the EE upgrade than for the original version of the SaaS service launched last November. She added that OpenLogic also offers legal indemnification for downloaded open source software packages, but that the indemnification is rolled into the cost of OpenLogic's optional software support services. These support services are priced from "several thousand dollars to hundreds of thousands of dollars per package per year," depending on whether the support is provided during business hours only or on a 24/7 basis.