Home News Business of Open Source Legal Let's Have Responsible Disclosure For Open Source Violations

Let's Have Responsible Disclosure For Open Source Violations

Article Source InformationWeek's Open Source Weblog
November 16, 2009, 7:18 am

Last week brought news about Microsoft inadvertently using open source code in one of their binary-only tools -- code that had to be redistributed with the tool itself. When this does happen, what's the best way to bring such a mistake to an offending company's attention? Is shouting about it far and wide always wise?

First off, Microsoft deserves credit for doing the right thing in a timely way. The fact that they allowed it to happen was a botch, whether or not someone else wrote the tool for them. If anything, they should have applied double the rigor to code submitted by an outside authority, since anything could be in there. (This could have been done by any number of means -- a GPL-aware auditor, or an automated system like Black Duck's software suite...)

Read More



Subscribe to Comments Feed

Who we are ?

The Linux Foundation is a non-profit consortium dedicated to the growth of Linux.

More About the foundation...

Frequent Questions

Join / Linux Training / Board