Linux Users May be Violating Sarbanes-Oxley

January 18, 2006

Companies using Linux for embedded applications may be unwittingly violating the Linux license and even breaking federal securities laws, according to research published by Wasabi Systems.

The study, “When GPL Violations are Sarbanes-Oxley Violations,” is the first in a series of legal studies analyzing the common misperceptions and risks associated with Linux and its license, the GNU General Public License (GPL).

According to the study, the problem lies with the requirements of the Sarbanes-Oxley Act that companies disclose ownership of intellectual property to their shareholders. The study indicates that dozens of companies are discovered each year to have violated the terms of the GPL, and if they are public companies, they are violating Sarbanes-Oxley.

“Linux is a powerful operating system,” says Jay Michaelson, an author of the study and Wasabi Systems’ General Counsel. “But if companies violate the license, the consequences can be more severe than they think. If companies are violating the GPL, they don’t have the right to use that software. And if they don’t have the right to use the software, they’re violating federal law if they claim that they do.”

The extent of this problem remains unclear. The Free Software Foundation, which is the primary enforcer of the GPL, reports that it pursues “several dozen” enforcement actions each year. In the past, such violators were merely required to release their code to the public. Now, Michaelson says, “Sarbanes changes the picture completely. For public companies, violating the Linux license is now a matter of federal securities law.”

Future studies will look at the GPL implications of Loadable Kernel Modules (LKM) and how upstream GPL violations impact VARs and end users.
