Let’s Have Responsible Disclosure For Open Source Violations

36
Article Source InformationWeek’s Open Source Weblog
November 16, 2009, 7:18 am

Last week brought news about Microsoft inadvertently using open source code in one of their binary-only tools — code that had to be redistributed with the tool itself. When this does happen, what’s the best way to bring such a mistake to an offending company’s attention? Is shouting about it far and wide always wise?

First off, Microsoft deserves credit for doing the right thing in a timely way. The fact that they allowed it to happen was a botch, whether or not someone else wrote the tool for them. If anything, they should have applied double the rigor to code submitted by an outside authority, since anything could be in there. (This could have been done by any number of means — a GPL-aware auditor, or an automated system like Black Duck’s software suite…)

Read More