November 2, 2005 1:59 PM PST
Lawyer: Open-source risks overblown
During a keynote speech at the Open Source Business Conference on Tuesday, the Columbia University Law School professor said that for users of open-source software, the "risk perception has diverged from risk reality."
He said that many of the potential risks to users of free and open-source software are misplaced, as they have been addressed over the years in the General Public License, which is used in many products, including Linux.
In addition, Moglen railed against the U.S. patent system, saying it was a "sin and a shame," with little chance of reform because of reluctance from vested interests. He said too many patents are granted for software inventions, causing legal risk for software users, and some bad patents "need to be blown up from time to time."
Moglen is general counsel for the Free Software Foundation and is actively involved in the creation of the General Public License version 3.0, expected to be released next year. He is also founder of the Software Freedom Law Center, which defends use of free and open-source software.
During his speech, Moglen argued that authors of the GPL foresaw some of the potential risk in using open-source software in an unfettered way. By imposing patent and copyright conditions on the distributors of software, the GPL manages to significantly reduce risk to its users, he said.
"The secret of the GPL was taking a small quantum of risk and putting it on the distributors," Moglen said. "The total risk could be brought close to zero."
By contrast, the patent system still imposes risk on users of open-source software, a situation that shows little chance of changing, he said. In particular, Moglen said that pharmaceutical companies, which have great political influence, will prevent significant reforms to the patent system.
Moglen's comments come a day after the announcement of an insurance policy from Lloyd's of London around the use of open-source software. The $10 million policy is aimed at corporate customers that might be redistributing software in violation of open-source licenses.
Other companies, including Open Source Risk Management, Palamida and Black Duck Software, have emerged to assure corporate customers they comply with open-source license provisions. On Tuesday, Black Duck introduced an upgrade to its license-compliance analysis software, which now has a lower price and bigger database of software products.
Moglen said that he welcomed the release of the Lloyd's policy because it indicates that the risk associated with open-source software has become quantifiable.
"Any time you see an insurer enter the market, the risk has become calculable," he said. "You can see what the smart money thinks the risk is."
Moglen said that there have been infringements of the GPL, but many of those problems have been satisfactorily addressed without a court challenge to the legality of the license.
"The primary enforcement gravity of the GPL is everyone's understanding that anti-community behavior is bad for business," he said.