McAfee: Open Source Software Disclaimer 'Old News'

McAfee advised investors in the company's annual 10-K report, filed in late December, that its use of open source software could pose a threat to the company. The company says "ambiguous" open source General Public License (GPL) guidelines may result in "unanticipated or uncertain obligations regarding our products."

McAfee says its concerns stem from the fact that GPL guidelines have yet to be tested in a court of law, though several lawsuits have been filed by the SFLC, including a recent suit on behalf of open source utilities provider BusyBox, which accused City of Industry, Calif.-based networking vendor Xterasys, of with violating licenses of the Unix/Linux utilities it offers. BusyBox's utilities are governed by the open source General Public License (GPL).

McAfee's disclaimer states some of the company's proprietary software is derived, at least in part, from the open source software it uses. GPL "copyleft" rules state a company that uses open-source based software must provide that code to users and allow users to modify the software as they see fit.

McAfee director of public relations Joris Evers called this week's reports "old news", pointing out this "cautionary language" has been in use by the company, along with others like Microsoft and Oracle, for several years. "We haven't been on file with the SEC for a while because of stock option back-dating issues," he says. "I think some blogger just found our 10-K filing and noticed the language."

Evers characterizes the warning as standard industry practice that is commonly used. "We are an avid supporter of open source software," he says. "This is not the result of any pending or threatened litigation involving McAfee's use of open source software."

Daniel Ravicher, legal director of SFLC, agrees the inclusion of the disclaimer is old news. However, he says there is no evidence to support McAfee's claim that the guidelines are ambiguous and says he feels the law is pretty clear. "The GPL is no more uncertain than the other proprietary licenses they use, and those licenses have cumbersome large terms and are probably longer than the GPL," he says. "I don't see how one can reasonably say the terms are ambiguous. Maybe they just need better lawyers."