Handling Licenses to Avoid
Litigation"> The reasonable license for a competitor for the communication protocols, that is, CIFS (Common Internet File System) and authentication, allows the competitor to examine the code and adapt its own to conform to the licenses specifications. Copying the programs in the source themselves would not be a reasonable use of the license, but copying a data structure or two would be. Its only reasonable that two programs communicating with each other will use identical data structures.But this does present a problem with respect to potential future litigation. Lets assume Microsoft believes that a licensee has violated its copyrights and the license agreement by copying the licensed parts of Windows. Its common, perhaps even standard, for a vendor implementing a clone of someone elses product to do it in a "clean room" environment with developers who have had no exposure to the product being cloned. Microsoft asks the United States to intervene in its patent struggle with the EU. Click here to read more. And yet the idea of Microsoft licensing the Windows source code is all about the developers having access to the actual source. Which brings me back to a variant of question No. 1 above: What are the licensing terms with respect to potential litigation? Perhaps there is a compromise: Licensees can have two teams, one to examine the source and build protocol documentation that they are happy with and that they can pass on to their own developers. Its also reasonable for Microsoft to charge fees for its source code license, especially since others expect to make money off of the products built based on information derived from the source code. The Samba people themselves are not in this category and perhaps its not reasonable for them to have to pay for a license, but there are plenty of for-profit companies that sell products that include Samba. It will be hard for them to claim that Windows source code should be free (as in beer, to use the open-source terminology). I can easily see IBM, for example, licensing the source, making the appropriate changes to Samba and granting them back to the Samba project. IBM, or a group of commercial vendors, could also just underwrite a license for the Samba team, assuming the other licensing terms were acceptable to the team. IBM could also be the aforementioned documentation group that provides to Samba and to the world documentation of the protocols that it believes is acceptable, as compared to what Microsoft has been providing. All this still leaves me wondering why, if its OK for Microsoft to license the communication source code today, the company didnt do it years ago. Perhaps the company really believed what it said about secrecy in the source code being essential to protecting both its own intellectual property and customer security. Any water this argument held has largely leaked out over the last few years; both open- and closed-source programs have security problems, and even in the open-source ones, security issues can persist for years before being found. Protecting trade secrets and intellectual property is a more difficult issue, but its hard to see any large-scale losses for Microsoft based on properly licensed excerpts of source code. The companys never going to make the entire product available. Its important to recognize this as a relatively conservative move; its licensing just the parts of the source code that it needs to license in order to avoid further legal troubles. But its part of a general trend in Microsofts behavior of abandoning its more ridiculous practices and being willing to do the right thing if its obviously right. Dont assume this means that the Vista source will be open any time soon, but dont put anything past Microsoft either. Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983. He can be reached at firstname.lastname@example.org. Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.
There also has to be perhaps a more liberal allowance for a licensee to implement some algorithms that have a limited variety of implementation possibilities.