Risky business: Open source's legal, technical and support issues

Users weigh legal, technical and support issues when considering open source.

The lure of open source software is tempting - tales of enormous cost savings, freedom from vendor control and proprietary technologies, plus the broad resource of a community of volunteer programmers eager to help.

But every reward has its risks.

Ask Autozone; the regional auto parts dealer made the switch to Linux in all of its stores as a point-of-sale system in 2000, displacing SCO OpenServer. The SCO Group , which has brought a widely publicized lawsuit against IBM, claiming it infringed on Unix patents by promoting Linux, turned around and sued its own customer .

"IBM approached Autozone in an effort to induce Autozone to breach its agreement with SCO," the Unix vendor said in court papers. "IBM was actively advising Autozone's internal software group about converting to Linux . . . Despite the Autozone OpenServer License Agreement with SCO . . . IBM finally successfully induced Autozone to cease using the SCO software and to use Linux with IBM's version of Unix. Autozone ultimately decided not to pay SCO the annual fee to continue to maintain the SCO products and . . . with the encouragement of IBM, began the efforts required for conversion to Linux. . ."

In July, a Nevada court issued a stay, pending the outcome of the SCO vs. IBM case as well as SCO suits against Red Hat and Novell. Observers of the case say any penalties against Autozone are unlikely to ever come about because the IBM/Red Hat/Novell cases could be tied up for years. But until the case is resolved, Autozone remains mired in this legal morass (Read a related story on patent issues ).

Technical concerns

Some large enterprise users running Linux in the data center say that while the legal issues are real when using open source software, other risks, particularly around product support, are even more important to consider.

Autozone caught in the crossfire SCO moves from Linux to litigiousness.
1995Novell sells UnixWare to SCO.
2001Linux distributor Caldera merges with SCO.
2003SCO sues IBM charging that IBM took Unix intellectual property owned by SCO and used it in Linux. SCO sends letter to 1,500 Linux users threatening them with legal action.
2004SCO sues Autozone and DaimlerChrysler. Judge agrees to delay Autozone case. Judge dismisses DaimlerChrysler case.

"There can be technical risks," in deploying open source software, says Joshua Levine, CTO and operations officer at E*Trade Financial in New York. His firm moved off of a Sun Solaris Web platform to Linux four years ago, and saved around $200,000 per server on hardware and software costs. Levin says there were great concerns as to whether a Linux switch would support the firm's trading applications.

"There were risks that we wouldn't be able to support the business on the new platforms, and that applications won't port over," he says. But thanks to Y2K, many large companies, such as E*Trade, were able to obtain source code for their applications. This and the similarities between Unix and Linux made porting a non-issue.

"When the cost savings or production increases are compelling enough, it's easy to sell the ideas of open source to a business," Levine says. "In reality, the risk wasn't not there."

At Cendant Travel Distribution Services, there were concerns about performance and uptime when the New York company took mainframe-based software that had been ported to Unix and tried to move it to a Linux platform. Reworking the code a third time was a risky proposition, says Robert Wiseman, CTO at the firm, which does back-end airfare calculations for Orbitz.com and United Airlines.

"Risk of downtime was a concern when we moved to open source," Wiseman says. "You can say a platform is faster and cheaper, but if your servers aren't up, no one really cares about the cost savings."

This idea is something that vendors competing for Cendant's business used to try to dissuade the move to open source. "Vendors who tried to steer us away from open source would come in and try to scare our executives by calling [open source software] freeware," Wiseman says.

It took several months of testing the firm's applications on dual-processor Intel servers, and showing that the software ran faster on Linux/Intel than on either the previous mainframe or Unix boxes before executives were won over.

Support questions

The issues of legal risk also are on the minds of users interested in open source. Lawyers at Citigroup did not take this lightly when the firm was looking to put instances of Linux servers on its mainframe, as a way to consolidate servers without buying new hardware.

"One challenge was understanding how open source can be supported," says Aaron Graves, vice president of technology at Citigroup in New York. "It took us a while to figure that out to the point where executives and the legal department were satisfied."

Some issues that had to be clarified were around responsibility. SuSE made the Linux software and IBM made the hardware, so whose responsibility it was to ensure the operating system ran smoothly on the mainframe processors needed to be spelled out.

Also:
Patent issue plagues open sourceClick here for more

One issue standing in the way of open source applications that even the most vehement supporters can't deny is that of patents.

"We were stalled for months on legal issues," Graves says, "trying to understand what a support contract for open source means vs. a traditional software support contract; it was really a different model."

The fact that two credible vendors were behind the technology, and had mutual support agreements, helped the company get over this hurdle. "We had to convey that there was real vendor backing behind this, and that we weren't just messing around with raw source code someone downloaded from the Internet."

As for the potential risks of lawsuits around Linux, many see this as becoming more of a non-issue as the SCO/IBM case languishes in court.

"Lawsuit risk around open source became popular for a while," E*Trade's Levine says. "And while it is still ongoing, it's now to the point where it's not high on our legal department's radar at this point."

Learn more about this topic

Do software users need indemnification?

11/29/04

SCO's McBride warns of open source 'wild west'

10/12/04

Start-up to sell open source insurance

03/16/04

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Now read: Getting grounded in IoT