SXSW: Open Source Panel

Later, when I did awaken and saw he was doing an open source panel, I checked that off as a "must see" session. While waiting for the panel to start he mentioned one of the panelists was stuck on I-35 coming in from Dallas and asked if I would sit in. I was glad to. I've worked with Hank before. He's a really fun guy in a hyperkinetic sort of way.

The title of the panel was "Can You Build a Company from Free Code?" The panelists included Don Shafer of the Athens Group and Steve Vandegrift of Techxas Ventures. Ean Schuessler, a Debian hacker, was the guy I replaced, although he was able to sit in for the last portion.

There were no opening statements, which was good for me. Hank posed a number of questions that may be of concern for a company using open source software and threw them out to the panel to answer.

Now, I've been involved in enough of these things to know that at some point the "infection bogeyman" was going to raise its head. There is always somber talk about how you need to be very careful of your open source licenses, because you may get your self in trouble. You don't want to develop a product with a sullied line of ownership.

That's true enough, but the thing is you need to be concerned about all licenses. You need to be aware of and abide by the terms of your software license regardless of whether it's a proprietary or open source product. Granted open source software alters the set of concerns, but you've got license risk regardless of which way you go. My concern is that the issue often is raised in a way that scares people away from open source.

I think the issue is understanding how open source changes the set of licensing risks, and working to manage those risks. Avoiding open source doesn't avoid risk. There's risk anytime you use any form of licensed software.

I expected Hank would raise the risk issue, and he did. As a lawyer, it's his job to advise clients of the range of options and risks they face. Unfortunately, he was on to the next topic before I had a chance to take a whack at this one. (I did mention Hank can run a little fast sometimes.) I grabbed the microphone at first opportunity and said, "I'd like to return to the previous issue."

A little trash talk can liven up conference panels as well as basketball games. "Look, Hank, I know you are a lawyer and it's your job to sow uncertainty and doubt, but I've got a problem with this risk issue." I explained why I thought this shouldn't cause people shouldn't fear open source.

I caught Hank off guard, but he came back quickly. "There is a difference between FUD and a train wreck," he said. He explained how he's seen companies who have had open source come in through the back door and create problems with the ownership of product they've developed.

Truth is, we probably agree on the essential issues. I think the result is this makes it even more important that a company confront open source software and put policies and procedures into place. You can't keep it out, and you don't want to be surprised when it comes in through some backdoor method.

The issue of security came up, and I hope my answer was robust. I used electronic voting machines as an example. I explained how I thought that would be an ideal application for open source software, because then hundreds of people would audit the system and we could build confidence.

During the question period somebody raised the issue of banks: aren't we happy banks use proprietary methods and hackers can't examine them? I pointed out that banking people are the biggest players in the e-voting market, and when we've been able to audit the software we've found very scary things. I should have added (but did not) that we don't know if proprietary banking systems are secure or if they are being breached. Banks could be getting hacked left and right, but we'd never know because they'd keep that knowledge secret.

If you'd like to know more about what happened, Heath Row of Fast Company blogged a report on our panel.

Comments

Comments have been closed for this entry.

re: SXSW: Open Source Panel

I used electronic voting machines as an example. I explained how I thought that would be an ideal application for open source software

Actually, I think e-voting should be a compulsory application of open-source. The idea that private entities own our voting system is unconscionable.

aren't we happy banks use proprietary methods and hackers can't examine them?

Yeah, who is this "we"? Obscurity != security.