For software vendors, open source software (OSS) should be treated like a compliance issue - in the same way that corporate, securities or environmental compliance is a concern for many companies. The failure to manage compliance can be costly - just like it would be if a company ignored its environmental or securities compliance obligations. An environmental remediation order or a cease-trade order might result from compliance failures in those other areas.

What does it look like in the case of OSS compliance failures?

We need look no further than the Versata litigation, which has spawned no fewer than 5 cases in the US:

  1. Versata Software Inc. f/k/a Trilogy Software, Inc. and Versata Development Group Inc. f/k/a Trilogy Development Group Inc. v. Ameriprise Financial Inc., Ameriprise Financial Services, Inc. and American Enterprise Investment Services, Inc., Case No. D-1-GN-12-003588; 53rd Judicial District Court of Travis County, Texas
  2. Versata Software Inc. v. Infosys, Case No. 1:10cv792, U.S. District Court, Western District of Texas
  3. Versata Software Inc. v. Ameriprise Financial Services Inc. et al., Case No. 1:14-cv-12, U.S. District Court, Western District of Texas
  4. XimpleWare Corp. v. Versata Software Inc., Trilogy Development Group, Inc., Ameriprise Financial, Inc., Ameriprise Financial Services, Inc., Aurea Software, Inc., Case No. 3:13cv5160, U.S. District Court, Northern District of California
  5. XimpleWare Corp. v. Versata Software Inc., Aurea Software Inc., Trilogy Development Group, Inc., Ameriprise Financial Services, Inc., Ameriprise Financial, Inc., United HealthCare Services, Inc., Waddell & Reed, Inc., Aviva USA Corporation, Metropolitan Life Insurance Company, Pacific Life Insurance Company, The Prudential Insurance Company of America, Inc., Wellmark, Inc., Case No. 5:13cv5161, U.S. District Court, Northern District of California (San Jose).

In a nutshell, the lawsuits centre around the use of an open source component in Versata's Distribution Channel Management (DCM) software. Versata originally sued Ameriprise for breach of a software license agreement for the use of the DCM software. In the course of that litigation between Versata and Ameriprise, it became clear that there were significant underlying issues related to an XML-parsing component called VTD-XML, distributed by XimpleWare.

While XimpleWare does offer VTD-XML under a "closed" commercial license, Versata had not obtained a commercial license for the component, and thus the component was governed by GPLv2, an open source license. This in turn laid bare the gaps in Versata's OSS compliance and raised questions of whether the DCM was a derivative, making the whole of Versata's proprietary code subject to the GPLv2. XimpleWare, for its part, sued Versata, Ameriprise and all of Versata's DCM customers based on breach of the GPLv2 and patent infringement.

We will be watching whether any judicial guidance comes out of this US litigation. In the meantime, it serves as a cautionary tale for software vendors: OSS compliance must be addressed with the same attention and diligence as a regulatory compliance issue.
