Earlier this week, the latest round of BusyBox GPL lawsuits were announced by the SFLC. The current offenders are Best Buy, JVC, Samsung, Westinghouse and 10 others. It seems that every few months, there are a new round of violations or lawsuits announced, so it behooves every company that distributes software or products containing software to ensure they aren't ever on the list. We announced our Open Source Fulfillment Center service earlier this week that helps companies ensure they comply with the GPL.

Jason Perlow of ZDnet gave a pretty good explanation of the challenges in complying with the GPL. Dana Blankenhorn, his colleague, talks about why those explanations are not an excuse. I want to focus on some concrete steps companies can take to avoid being the next defendants.

Assume that you may be using GPL code.

Realize that if you have software in your product, there is a high probability that you have open source software in it. There is also a HIGH probability you have GPL or LGPL code in your software, even if you think you don't.

At OpenLogic, we offer an Application Audit service for customers where our experts scan your source code to identify any open source and help you comply with the licenses. When we do an Application Auidt, we always find open source, we always find more open source than the company thinks they have, and we almost always find GPL code that the company is unaware of.

Scan all of your code – including code from outsourcers.

Even when companies have good source code control practices, it's almost impossible to get a 100% accurate list of the open source and licenses used. The main challenge is that open source often has other open source components that are bundled inside it, and that use different licenses than the primary license specified by the project. The only way to find a complete list of open source and the relevant licenses is to scan your code.

It's also critical to scan all code from outsourcers. At OpenLogic, we find that many cases of "hidden GPL" come from this source.

OpenLogic provides both services and products for scanning code to identify open source.

Understand how to fulfill the source code requirements of the GPL/LGPL.

Once you determine that you have GPL or LGPL code in your software, make sure you understand and follow all of the appropriate requirements. Some of those requirements may not be readily apparent, but they can include:

• Including source code with your product OR including an offer to get source code with your product
• Providing the exact "corresponding source" that goes with the binaries for each product and model
• Providing instructions on how to create binaries from the source – including scripts, information on the tools needed, and details on how to replace the standard code in your product with the modified code
• Providing the source code in electronic AND physical media
• Maintaining the source code for a period of time after the latest distribution of your product

OpenLogic provides an Open Source Fulfillment Center service that helps you comply with the GPL.

I also recommend A Practical Guide to GPL Compliance from the SFLC as a great primer for do-it-yourselfers.