Did you know that most open source lawsuits target embedded systems?
A brief history
In 2007, Verizon was sued for including General Public License (GPL) code in its FIOS routers.
As part of the settlement, Verizon subcontractor Actiontec paid an undisclosed sum to the developers of BusyBox (a set of GPL Unix utilities). Actiontec also agreed to post the code on its website and appoint a compliance officer for open source.
More than a dozen consumer electronics manufacturers — including Best Buy, Samsung and JVC — were also sued in 2009 for violating the GPL. More recently, VMware has been sued for including copyrighted Linux code in its embedded ESX hypervisor.
It's common to assume that open source code is in the public domain and therefore not subject to any copyright.
But open source code is copyrighted, which means you can only use it with permission of the copyright holder. In many cases, this can simply mean including the license text and copyright notice with the code.
Some of the more popular licenses (including GPL) also require you to provide source code upon request. You may also be obliged to publish any proprietary modifications you made to the code yourself.
Consequences of non-compliance
Ignoring license compliance can be disastrous for you and your company. Your company can be shut down with court injunctions, tied up with costly legal proceedings, and forced to undergo code audits. You can even be obliged to reveal proprietary source code.
Non-compliance can also create major roadblocks when your company is being acquired or wants to license its product to a strategic partner.
“Manufacturers should subject IoT devices to a rigorous SDLC process, including maintaining an inventory of embedded open source components.”
Online Trust Alliance, IoT Trust Framework