VMware has been publicly chastised for allegedly violating the GPL in its proprietary vmkernel technology. Now, in VMware's most recent quarterly report, the company calls out widespread use of open-source software in its products.
It is customary for public companies to overstate risks to their businesses in an effort to forestall shareholder lawsuits. Better safe than sorry, seems to be the thinking.
Even so, I find it fascinating to see the extent of VMware's admission to using open-source software in its products,. Here is the relevant section of VMware's 10-Q in its (near-) entirety:
Our use of "open source" software could negatively affect our ability to sell our products and subject us to possible litigation.
A significant portion of the products or technologies acquired, licensed or developed by us may incorporate so-called "open source" software, and we may incorporate open source software into other products in the future....We monitor our use of open source software in an effort to avoid subjecting our products to conditions we do not intend.
Although we believe that we have complied with our obligations under the various applicable licenses for open source software that we use such that we have not triggered any such conditions, there is little or no legal precedent governing the interpretation of many of the terms of certain of these licenses, and therefore the potential impact of these terms on our business is somewhat unknown and may result in unanticipated obligations regarding our products and technologies.
For example, we may be subjected to certain conditions, including requirements that we offer our products that use the open source software for no cost [Asay note: VMware legal team: Time to brush up on your understanding of open-source licensing - this is blatantly false], that we make available source code for modifications or derivative works we create based upon, incorporating or using the open source software and/or that we license such modifications or derivative works under the terms of the particular open source license.
If an author or other third party that distributes such open source software were to allege that we had not complied with the conditions of one or more of these licenses, we could be required to incur significant legal expenses defending against such allegations. [Asay note: Or you could simply contribute the code as per the license rather than fighting it out in court.]
If our defenses were not successful, we could be subject to significant damages, enjoined from the distribution of our products that contained the open source software and required to comply with the foregoing conditions, which could disrupt the distribution and sale of some of our products.
In addition, if we combine our proprietary software with open source software in a certain manner, under some open source licenses we could be required to release the source code of our proprietary software, which could substantially help our competitors develop products that are similar to or better than ours.
In addition to risks related to license requirements, usage of open source software can lead to greater risks than use of third party commercial software, as open source licensors generally do not provide warranties or assurance of title or controls on origin of the software.
We have established processes to help alleviate these risks, including a review process for screening requests from our development organizations for the use of open source, but we cannot be sure that all open source software is submitted for approval prior to use in our products. In addition, many of the risks associated with usage of open source, such as the lack of warranties or assurances of title, cannot be eliminated, and could, if not properly addressed, negatively affect our business. [Asay note: Additional paragraph breaks added to make it easier to read.]
VMware seems to be dancing around the elephant in the room: its controversial use of Linux in its proprietary hypervisor technology. It's interesting that the company, which has refused to comment publicly on these specific allegations, is content to serve up a blanket advisory in its 10-Q.
If I were a VMware shareholder, I'd want clarity. The company suggests that it's complying with all open-source licenses, to the best of its knowledge. If this is true, it's perhaps time for the company to put those claims to a public sniff test.
The developer community hasn't been amused by VMware's use of embedded Linux in its hypervisor technology. Why not call out specifically why VMware feels it is in compliance with the GPL?