Report Flays Open-Source Licenses

The Microsoft-funded report on possible threats to national security posed by open-source software critiques the General Public License. Its authors later yanked it off the website, saying it wasn't ready to be posted. By Farhad Manjoo.


After appearing on the Web for a few hours last week, a much-anticipated report on the possible threats to national security posed by open-source software was pulled by its authors, who said that the report needed more editing.

But despite its hasty un-publication, the full report -- called "Opening the Open Source Debate," by Kenneth Brown of the Alexis de Tocqueville Institution -- still made it onto Slashdot on Monday, where its low opinion of open source was roundly criticized.

Bruce Perens, an open-source developer and author of The Open Source Definition, said he saw "Microsoft's paws all over this report."

Slashdotters and others in the open-source community had been waiting for the report ever since it was revealed last week that the ADTI received funding from Microsoft, a foe of the open-source movement.

A spokesman for the ADTI said the report published last week was an old, unedited version that had been accidentally pushed on the Web. He said that a new version would be finished by late Monday, but he did not know if the report would be immediately posted on the Web. He promised to e-mail the final version to Wired News as soon as it was ready; by late Monday afternoon on the West Coast, no report had arrived.

The old version of the report is available at ADTI's website in PDF format.

Last month, the ADTI sent out a breathless press release promising that its report would outline how "terrorists trying to hack or disrupt U.S. computer networks might find it easier" if the government began using more open-source software. But the draft version of the report mentions nothing about terrorism, and instead spends most of its 30-odd pages criticizing open-source pioneer Richard Stallman and his General Public License, or GPL.

The GPL is one of the most popular open-source licenses; it's the license under which the Linux operating system is released. Under its terms, developers are allowed to modify all the source code of a GPLed application as long as they allow anyone else to freely modify their modifications. The terms ensure that any additions to GPL software are kept in the public domain.

ADTI's report says that "open source as a development model is helpful to the software industry," but it says that the GPL flavor of open source is too "restrictive," and that it could lead to security problems in government and financial problems in business.

GPL is the "gift that keeps on taking," the report says, and, far from ensuring freedom for developers, developers who use it could lose all their work to a code-hungry public.

The report says: "... if the code for a software application was originally 10 lines, and 5 lines of GPL open source is added to it, then the entire 15 lines becomes GPL open source. In effect, if a programmer uses GPL open source in a proprietary product, he agrees that the new product can be changed, modified and distributed as freely as if it were purely open source. Thus, the question becomes, 'why would a programmer that sells his product as proprietary software agree to incorporate GPL open source, in effect allowing its source code to be indiscriminately distributed?' The answer is -- most don't!"

The notion that adding small fragments of GPLed code into an application might lead to the ruin of a programmer is not a new idea -- Microsoft has warned of that possibility for quite a while.

For example, in a speech at New York University last year, Craig Mundie, a Microsoft vice president, said that the "viral aspect of the GPL poses a threat to the intellectual property of any organization making use of it. It also fundamentally undermines the independent commercial software sector because it effectively makes it impossible to distribute software on a basis where recipients pay for the product rather than just the cost of distribution."

Rick Miller, a Microsoft spokesman, said on Monday that although he had not read the full report, its conclusions seem to be in line with what the company believes. He said that although ADTI receives funding from Microsoft, the funding was for the organization, not for specific reports. Miller said he did not know whether Microsoft provided input for the report.

Brown, the president of ADTI, was not available for comment. His report cites 12 sources in its bibliography, all online press reports on open-source software.

Curiously, one of the sources cited in the report is David Wheeler, a programmer who seems, from his past writing, to be a strong proponent of GPL software. Just last April, Wheeler wrote an article called "Go with the GPL -- Or Else."

"Microsoft's real goal is to be able to maintain an 'embrace and enhance' strategy," said open-source developer Perens, "by which they take software and introduce gratuitous incompatibilities under proprietary licenses, and suddenly when most people update their versions of Microsoft Windows, most people have an incompatible version.

"Under the GPL, Microsoft would be compelled to disclose the source code. If they introduce incompatibility they would have to show everyone else how to be incompatible in the same way."

Microsoft has long denied that it has any such strategy.