In acquiring Merrill Lynch, must Bank of America open source its software?

When a company like Bank of America acquires an open-source, software-rich Merrill Lynch, does it need to contribute that software back to the open-source community?

Matt Asay Contributing Writer
Matt Asay is a veteran technology columnist who has written for CNET, ReadWrite, and other tech media. Asay has also held a variety of executive roles with leading mobile and big data software companies.
Matt Asay
2 min read

Lost in the rubble of the teetering titans of finance is an open question: what will happen to the open-source software that they have heavily modified and upon which many have built core business applications?

It's a nontrivial question. Bank of America just acquired Merrill Lynch. Merrill Lynch was a heavy adopter of and modifier of open-source software. Because it never distributed that software, it was able to keep its modifications private.

Does acquisition by an outside party constitute a distribution? In conversations I've had with enterprise CTOs and the Free Software Foundation, the answer is an unequivocal "maybe."

It's not, however, a "maybe" that many CIOs will want to casually overlook. Part of Bank of America's deal with Merrill Lynch is to take over all of Merrill Lynch's assets. Some of those assets, which Merrill Lynch is distributing to Bank of America, include open-source software. Private value may well now be public, open-source value. I think that's a good thing, but Bank of America's CIO may not agree.

No one has yet to file a lawsuit to provide clarity around the issue, but I suspect it's just a matter of time. A lawsuit is unlikely to come from a commercial open-source vendor, which will have no interest in suing a potential customer, but may well arise from a community like BusyBox that has grown tired of seeing enterprises benefit from open source without contributing back.

Please be sure to see the comments below. While I remain unconvinced by the arguments made there, they are well thought out. They seem to overlook, however, the Red Hat/CentOS example, which I try to describe in the comments below. For those who think that binary distribution is somehow a silver bullet, I suggest they re-read the GPL.