For many years there was a question about how the court system would view the provisions of the GPL license in regard to the use of open source software. Frankly, many cases were settled before a decision was rendered in order to lessen the possibility of an adverse ruling. But a federal judge in the Southern District of NY has issued an order that shows the GPL is not only enforceable, but packs a big bite.
In the case of Software Freedom Conservancy vs Best Buy, Samsung Electronics America, Westinghouse Digital, JVC America, Western Digital and Zyxel, the court has issued a default judgement against Westinghouse Digital. The damages were based on the court's finding that the defendant's use of the BusyBox open source software in violation of the GPL was willful. The judge therefore awarded treble damages (3 times the actual amount). Additionally, the court awarded attorneys' fees to the plaintiffs, issued a permanent injunction against Westinghouse and ordered all of the products with the infringing code in them turned over to charities (there should be some good HDTVs available at some lucky charity soon).
This really represents a harsh penalty to the defendant, but shows that using open source software in violation of the GPL can carry significant risk and penalties. It should be noted that this judgement was only against Westinghouse and not the other defendants. It was a default judgement because the defendant had stopped participating in the discovery process when it filed for bankruptcy. The court may have been sending a message with the default judgement to make sure other defendants comply with discovery, as well as signaling what it thinks of the enforcement and penalty remedies in the GPL.
In any event, everyone should be on notice. If you are going to use open source software, be sure you read and comply with the provisions of the license it is issued under. It may be free, but if you don't follow the license you could wind up with a bite being taken out of you too.
As co-founder and Managing Partner at The CISO Group, Alan Shimel is responsible for driving the vision and mission of the company. The CISO Group offers security consulting and PCI compliance management for the payment card industry. Prior to The CISO Group, Alan was the Chief Strategy Officer at StillSecure. Shimel was the public persona of StillSecure as it grew from start up to helping defend some of the largest and most sensitive networks in the world.
Shimel is an often-cited personality in the technology community and is a sought-after speaker at industry and government conferences and events. His commentary about the state of security, open source and life is followed closely by many industry insiders via his blog and podcast, "Ashimmy, After All These Years" (www.ashimmy.com). Alan is now also a regular contributor to The CISO Group’s security.exe blog and podcast.
Alan has helped build several successful technology companies by combining a strong business background with a deep knowledge of technology. His legal background, long experience in the field, and New York street smarts combine to form a unique personality.
Disclosure: The CISO Group sells a software-as-a-service PCI compliance application called SAQPro. The company is independent and does not represent any other vendor's products as a reseller.