McAfee warns over open source use

McAfee has warned investors that the "ambiguous" nature of open source licensing could turn into a business threat.

In a recent filing with the US Securities and Exchange Commission (SEC) McAfee repeatedly warned of possible dangers to the company's intellectual property regime presented by open source. The warnings come as several large companies face legal action over their use of software protected by the open source General Public License (GPL), the most widely used open source licence.

"To the extent we utilize 'open source' software we face risks," McAfee said in its 10-K annual report, filed at the end of December.

The company said its ability to commercialize products could be harmed because of "ambiguous" open source licence terms that could result in "unanticipated or uncertain obligations regarding our products."

Furthermore, it could be difficult to determine whether open source software infringes on third-party intellectual property rights, McAfee said.

The GPL is of particular concern, according to McAfee, since its scope and requirements "have not been interpreted in a court of law" and use of GPL-covered software "could subject certain portions of our proprietary software to the GPL requirements."

The GPL requires derived works to be covered under the GPL's own "copyleft" terms, which include a requirement to provide users with software source code and with the right to themselves modify and redistribute the software.

The GPL is currently facing several tests in court. Last month the Software Freedom Law Center (SFLC) filed a copyright lawsuit against Verizon Communications, alleging that routers the company uses with its Fios broadband service violate the GPL.

The lawsuit was filed on behalf of the developers of BusyBox, a lightweight set of standard Unix utilities commonly used in embedded systems. The SFLC has previously filed copyright lawsuits on behalf of the developers against three other companies, but Verizon is by far the largest target.

Last year Skype was found guilty of violating the GPL by a Munich, Germany regional court. The decision found that Skype had violated the GPL by the way it distributed a voice over IP (VoIP) handset, the SMCWSKP100, which incorporates the GPL-covered Linux kernel in its firmware.

Also last summer the Free Software Foundation (FSF) released the GPL version 3, including changes connected to intellectual property rights.