You are here: IT-Observer » Articles » Editorial RSS | White Papers |   

Linux Users May be Violating Sarbanes-Oxley





Companies using Linux for embedded applications may be unwittingly violating the Linux license and even breaking federal securities laws, according to a research published by Wasabi Systems.

The research “When GPL Violations are Sarbanes-Oxley Violations” is the first in a series of legal studies analyzing the common misperceptions and risks associated with Linux and its license, the GNU General Public License (GPL).

According to the study, the problem lies with the requirements of the Sarbanes-Oxley Act that companies disclose ownership of intellectual property to their shareholders. The study indicates that dozens of companies are discovered each year to have violated the terms of GPL, and if they are public companies, they are violating Sarbanes-Oxley.

“Linux is a powerful operating system,” says Jay Michaelson, an author of the study and Wasabi Systems’ General Counsel. “But if companies violate the license, the consequences can be more severe than they think. If companies are violating the GPL, they don’t have the right to use that software. And if they don’t have the right to use the software, they’re violating federal law if they claim that they do.”

The extent of this problem remains unclear. The Free Software Foundation, which is the primary enforcer of the GPL, reports that it pursues “several dozen” enforcement actions each year. In the past, such violators were merely required to release their code to the public. Now, Michaelson says, “Sarbanes changes the picture completely. For public companies, violating the Linux license is now a matter of federal securities law.”

Future studies will look at the GPL implications of Loadable Kernel Modules (LKM) and how upstream GPL violations impact VARs and end users.



Prevent data theft & viruses through network connected USB sticks, PDAs & media players. Control user access to endpoint connections with GFI EndPointSecurity - Free trial!

Visit GFI Security Software page for more information.

 

FREE IP PBX: 3CX VOIP Phone System for Windows. No timeouts or limitations

 

Latest News

Essential Bluetooth hacking tools
25.05.07  Bluetooth provides an easy way for a wide range of mobile devices to communicate with each other without the need for cables or wires.

DEP for IE7 in Vista
22.05.07  Security tips blog, security-hacks, has posted details on how to enable DEP for Internet Explorer 7 in Vista.

SMB over SSH: Secure File Sharing
18.05.07  Security tips blog, security-hacks, has published an simple guide to share files securely in heterogeneous networks.

Avoid data leaks by clearing the page file
14.05.07  Security-Hacks publishes a useful tip to avoid potential data leaks when you run out of memory.

How to set Master Password in Firefox
11.05.07  Nowadays many web sites require you to type a user name and password before you can enter the site.

How to test your firewall?
10.05.07  Security tips blog, Security-Hacks, has published a compilation of tools to test your firewall: "We’ve compiled a list of tools we believe will be of value to both home users and advance users.

eEye released integer overflow auditing tool
16.02.07  Vulnerability research company eEye Security has released a free security vulnerability auditing tool that helps spotting possible integer overflow vulnerabilities.

Copyright © IT-Observer Online Publication 2000 - 2007 Top | RSS Feeds | About Us   
Site Meter