James Dixon’s Blog

Microsoft has been caught in two GPL violations recently.

First Microsoft had to release their Hyper-V drivers as GPL because they inadvertently violated the GPL.

Now they have to put the Windows 7 DVD/USB Download Tool into open source because they again inadvertently violated the GPL. This case is particularly interesting because the GPL code in question came from their own open source hosting site – Codeplex.

If Microsoft had a good open source governance program in place this would not happen. Therefore we have to deduce that Microsoft does not have a program, or at least a well-implemented one, in place. This is very odd to me as there are tools you can use to help with this (from Palaminda, Black Duck, and OpenLogic).

At Pentaho I use Palamida’s IPAmplify product. It does a great job at identifying all of the open source components that we embed – and since we have an open source platform there is a lot of them. It also checks our source code to identify source that has been copied from open source projects without the proper attribution. It has identified several cases where internal developers and community members have used code segments from third parties and not treated that IP cleanly. Once the cases are identified it is easy to fix them with appropriate headers or packaging – but find them would be impossible without an open source governance tool like IPAmplify.

I don’t believe that Microsoft has no governance program in place, my guess is that their program is not applied consistently, or that their tooling has blind-spots and/or is not updated frequently enough.