I don’t want to get into whether or not Microsoft violated the GPL with their Windows 7 USB/DVD Download Tool. That’s already been covered in depth. I do however want to ask how a situation like this could have even happened, and how it could be prevented. Not just at Microsoft, but at a typical enterprise that sells products or services which include software. Enterprises that fall into this category are increasing in number daily and will accelerate as enterprises start building mobile device applications. Air Canada and Domino’s are early examples of the enterprises that I’m referring to.
We’ve previously discussed the notion of using open source to compliment a development budget. This is true for enterprises and software vendors alike. As Black Duck Software’s Eran Strod writes:
“There is an abundance of great open source code available that includes components like libraries, stacks, databases, frameworks, etc; it simply doesn’t make economic sense to allocate development resources to build what Savio calls ‘undifferentiated capability’. Why spend money, and time, reinventing the wheel?”
As enterprises start to use open source within products that will be released externally, the need for an open source usage policy becomes critical. This effort begins with developer education. It’s helpful to have a set of guidelines with approved licenses and open source projects that developers can potentially build from. But that’s not enough. Enterprises need to verify the pedigree of code checked into each build, to the degree possible. Companies like Black Duck Software and Protecode offer services to help enterprises using open source in their development process.
What surprises me about the Microsoft situation is that I’d be shocked if Microsoft doesn’t have an open source usage policy. Microsoft uses open source in some areas of Windows. So, it’s possible that a developer just made an honest mistake. However, that really isn’t a viable excuse, not for a software vendor and not for an enterprise in the future. The need for education and vigilance is an endless task.