Microsoft highlights importance of open source policy and vigilance

News that Microsoft may have violated the GPL should be a wake-up call to enterprises

I don't want to get into whether or not Microsoft violated the GPL with its Windows 7 USB/DVD Download Tool. That's already been covered in depth.

I do, however, want to ask how a situation like this could have even happened and how it could be prevented -- not just at Microsoft, but at a typical enterprise that sells products or services, including software. Enterprises that fall into this category are increasing in number daily, and that growth will accelerate as enterprises start building mobile device applications; Air Canada and Domino's are early examples.


We've previously discussed the notion of using open source to complement a development budget. This is true for enterprises and software vendors alike. As Black Duck Software's Eran Strod writes:

There is an abundance of great open source code available that includes components like libraries, stacks, databases, frameworks, etc.; it simply doesn't make economic sense to allocate development resources to build what Savio calls "undifferentiated capability." Why spend money, and time, reinventing the wheel?

As enterprises start to use open source within products that will be released externally, the need for an open source usage policy becomes critical. This effort begins with developer education. It's helpful to have a set of guidelines with approved licenses and open source projects that developers can potentially build from. But that's not enough. Enterprises need to verify the pedigree of code checked into each build, to the degree possible.

Companies like Black Duck Software and Protecode offer services to help enterprises using open source in their development process. What surprises me about the Microsoft situation is that the company should already have an open source usage policy. Microsoft uses open source in some areas of Windows, so it's possible that a developer just made an honest mistake. However, that isn't a viable excuse, not for a software vendor and not for an enterprise in the future. Education and vigilance are an endless task.

Follow me on Twitter: SavioRodrigues.

p.s.: I should state: "The postings on this site are my own and don't necessarily represent IBM's positions, strategies, or opinions."

This story, "Microsoft highlights importance of open source policy and vigilance," was originally published at Follow the latest developments in open source at

Copyright © 2009 IDG Communications, Inc.
