Some Linux Users Violate Sarbanes-Oxley

Goyuix writes "According to the IT Observer, publicly owned companies who are using Linux, could be violating the federal securities laws as part of Sarbanes-Oxley. The article goes on to say that companies are required to "disclose ownership of intellectual property to their shareholders." How are these companies supposed to really list out all the IP owners if they were to install a full desktop or server environment - there could be literally thousands of parties listed! What are the current Fortune 500 companies doing, as many of those use Linux in one form or another?" update several people have pointed out that this is about companies who are violating the GPL, not everyone.

This makes no sense.

[afeinberg]

Responsibility for this should rest with the Linux vendors. Companies can disclose their Linux distributions as packaged by [insert vendor here], the vendor should be able to easily see who write what by an examination of source code and README files.

Is ownership relevant?

[QuantumFTL]

As long as something has been liscenced under GPL, the owner cannot assert additional restrictions, or revoke the liscense - therefore how is the owner relevant to the stockholders, if no such change can take place?

Re:Ownership != utilization

[bedroll]

There's a big difference between ownership and utilization. For example, if McDonalds employs the use of WinXP workstations in their facilities, that does not mean that they own, but instead license Microsoft's IP.

I completely agree. Just to expand on that, it should also be noted that the GPL does not transfer ownership of IP unto you, it merely gives you license to modify and reuse it. A company would then have to disclose their IP after they changed that code.

Reading the article, it appears that the author is a little confused. The second sentence talks about violating the GPL. You don't violate the GPL by simply using Linux. So maybe the real issue is with companies that release GPLed software without proper attribution and GPL compliance, but that's not the way the article reads.

Huh?

[booch]

Does he really think that Microsoft owns all the "intellectual property" in Windows? They sub-license a ton of stuff. For example, IE was based on licensed code from Spyglass. The "About" panel for IE also lists NCSA, UIUC, RSA, Independent JPEG Group, Intel, and Mainsoft. And that's just a single program within the OS. And what about all the submarine patents on the stuff in Windows? How about all the copyrighted stuff in all the malware that's probably running on some of their Windows systems? How about the BSD copyright on the TCP/IP code used by Windows? How are companies expected to find all that information?

I think the problem may be that the author of TFA hasn't a clue what he's talking about. I suspect that the law says that companies have to disclose what "intellectual property" they own, not what they use. Or perhaps I'm mistaken, and it's Congress that hasn't a clue; that's a distinct possibility. But even then, I'm sure it would follow the spirit of the law to worry about what the company owns, instead of what they use.

Re:Ownership != utilization

[Firehed]

Can't this just be as simple as "We use/have modified the xxx distribution of Linux. If you want to know everything and anything about it, here's Google/a link to a site that has every Linux contributer ever. And if you want to know how it works and exactly who wrote what line of code, here's the source code."

In any case, do shareholders actually care? Maybe I'm not thinking about this hard enough, but I honestly doubt it. As long as the company they own a share of isn't doing anything distinctly illegal (last I knew, using free software wasn't, but IP laws are getting really wierd), I doubt whether most people care whether they're using Redhat or Mandrake as long as they're still a profitable company.

Re:Ownership != utilization

[Anonymous Coward]

For example, if McDonalds employs the use of WinXP workstations in their facilities, that does not mean that they own, but instead license Microsoft's IP.

Actually, they do own the physical media, and they own a copy of the software. The EULA restricts what McD can do with the software.

However, McDonalds does not own the copyright on windows XP. If they did own the copyright, McD would have to disclose that they own the copyright, because the copyright to windows XP is worth quite a bit of money - it is a significant asset.

Re:Not just Linux

[tobiathan]

As one who has had the sad misfortune of suffering through a few SOX audits, it is more about how the auditors choose to interpret and apply the regulations, and less about the regulations themselves.

There is also the argument about what constitutes a "material" defect or weakness. Unless someone is running the backbone of their financial system on Linux or other sw covered under GPL, this is probably not relevant as it would not be considered material to the integrity of their financial data.

Great news!

[drasfr]

That is a great news...

Take the example of a random company, let's say... Linksys, a publicaly traded company, owned by Cisco.

They release an appliance with Linux in it... They don't release the source code. It is GPL. They are in violation of Sarbannes Oxley. It's a big deal if this is discovered, could put them into trouble. It is probably the best way to force a company to comply with the GPL.

Now it is too bad it only applies to publicaly traded companies...

Who ownes the Stolen code in Windows?

[Lost Penguin]

By the same token;
What IP is in Windows?
We already know Microsoft has been caught stealing code many times, what is still lurking?
Without a full source to any OS how can anyone know whose IP they are using?