Archive Index (1999-2012) | 2013-current at | About  

Open source legal advocate rebuts GPL-SOX FUD

Mar 7, 2006 — by LinuxDevices Staff — from the LinuxDevices Archive

GPL-licensed software poses no special threat to companies covered by the Sarbanes-Oxley Act of 2002 (SOX), according to a whitepaper released by the Software Freedom Law Center (SFLC). The paper rebuts recent statements to the contrary from Wasabi Systems, an embedded software publisher that advocates a competing open source license.

Wasabi Systems is best-known as the distributor of NetBSD, a highly portable version of BSD Unix licensed under the BSD license. Wasabi has taken an interest in the GPL, recently, publishing a series of whitepapers alleging various problems with the more popular, competing license. Wasabi's SOX whitepaper appeared in January of this year, followed a month later by a paper alleging license incompatibilities with binary-only loadable kernel modules.

SFLC chairman Eben Moglen says his organization felt obliged to respond with its own whitepaper refuting “false information” informing recent discussions about the GPL and SOX, given the SFLC's charter to provide accurate legal advice to its clients in the open source community. He stated, “This [SFLC] paper will help users of the GPL, from developers working on FOSS projects to CIOs working at Fortune 500 companies, to clearly understand there is no new need for concern.”

The SFLC's position, as stated in the whitepaper, boils down to four points:

  • SOX only applies to companies obliged to report to the SEC (Securities and Exchange Commission), including public companies, and those with significant assets or shareholders
  • SOX reporting is required only for software licenses deemed “material;” this is relevant because, unlike commercial software violations, GPL violations historically have not “triggered massive lawsuits for damages,” Moglen notes
  • “Companies subject to SOX must bear the cost of full SOX compliance whether or not they use software distributed under GPL”
  • Criminal liability under SOX is only triggered by intentional misconduct

Moglen adds, “The fact remains that no criminal charges on the basis of violating the SOX Act have ever been brought against a GPL user.”

The full SFLC whitepaper can be found here. Wasabi Systems's GPL-related whitepapers are listed here. eWEEK also has a story about the issue, here.

This article was originally published on and has been donated to the open source community by QuinStreet Inc. Please visit for up-to-date news and articles about Linux and open source.

Comments are closed.