FOSS compliance becomes more important

Free and open-source software could be subject to new compliance requirements


Versata Software learned the high cost of failing to manage the use of free and open-source software (FOSS) in its proprietary distribution channel management (DCM) software: Its routine attempt to terminate a license for its DCM software with its licensee, Ameriprise Financial, exploded into several lawsuits resulting in eight of Versata’s clients being sued by XimpleWare Corp., the owner of some software embedded in the DCM software.

The case was finally settled out of court, so just how high the cost was is unknown. But certainly being a party to any extended lawsuit is expensive. There are lessons that can be derived from the Versata case that any company distributing or using FOSS should heed if it wants to avoid paying a similar price.

Ameriprise is in the business of providing financial products to its network of independent financial advisers, from whom it receives a commission. Versata licensed its DCM software to Ameriprise to calculate commissions for the financial advisers. And Versata agreed to permit Ameriprise to use third-party contractors to modify the DCM software, subject to stringent terms.

Ameriprise hired Infosys to make such changes. Versata claimed that Infosys was using the DCM software not only to develop functions for Ameriprise, but also to develop a competitive product. According to Versata, Ameriprise did not terminate the relationship with Infosys even though Infosys was violating the terms of the license to DCM, which permitted Ameriprise to use certain third-party consultants. Versata claimed that this failure to terminate Infosys breached the license. Ameriprise denied these claims and raised several defenses, including that Versata violated the DCM license because the DCM software included XimpleWare VTD XML software, which was licensed under GPLv2. The DCM license stated that Versata had the right to license the DCM software and that it did not include any software that was "encumbered."

The XimpleWare software reads and parses XML and is available under both GPLv2 (the most widely used FOSS license) and commercial licenses. According to Ameriprise, Versata had obtained the XimpleWare software under the GPLv2, but failed to comply with the terms of the GPLv2 because it did not provide its licensees with the text of the GPLv2 license, the required copyright notices and a copy of the source code of the XimpleWare software. Many licensors who use the GPLv2 state that failure to comply with such terms results in an automatic termination of the license and that, consequently, Versata did not have the right to include the XimpleWare software in its DCM software.

Ameriprise also claimed that the XimpleWare software was integrated into DCM software in a manner that made all of the DCM software a "derivative work" under the GPLv2, and thus, the DCM software was subject to GPLv2. Ameriprise demanded that Versata make the DCM software available under the GPLv2 and provide the source code of the DCM software to Ameriprise. Ameriprise also reported these violations of the GPLv2 to XimpleWare. XimpleWare then sued Versata, Ameriprise and other alleged Versata licensees for copyright and patent infringement. 
