Not long ago, almost everyone heard of the infamous security flaw CVE-2021-44228, better known as Log4Shell, the vulnerability in Log4j. Some developers may also have heard of the developer who corrupted his own NPM library. In some people’s view, this was further proof that Open Source Software (OSS) is far worse than proprietary software. But is that true? Aren’t there solutions to such a problem?
(Source of picture: https://xkcd.com/2347/)
A more detailed look at Open Source Software
Open Source Software is software where anybody can look at the source code and see how the program is made. The opposite is closed source software, generally released under a proprietary license.
Some of the most famous open-source software projects are:
- Linux (The internet is based on this)
Some of the most famous closed source software are:
- Adobe Photoshop
But many corporations use OSS in their closed source software. This became obvious when corporations suddenly had to upgrade their products after Log4Shell. And here the problem becomes apparent: corporations use Open Source Software for free, and the developers maintain it for free in their free time. This becomes an issue as soon as a developer no longer has time to maintain the software, or simply starts neglecting maintenance, so that a security vulnerability isn’t discovered and fixed. Then we have the perfect disaster.
This was the statement of the developer who killed his libraries.
Furthermore, making a profit from something free is ethically questionable.
And all this in a special situation: Open Source Software allows users to check that the software isn’t malicious, whereas proprietary software forces users to trust the company or developer. So OSS is necessary, but not supported by many people.
Solutions to this problem
There are many proposed solutions to this problem, ranging from killing Open Source Software to forcing everything to be Open Source. But honestly, there are some solutions that are already implemented elsewhere or are not that radical.
Here the spotlight is on two solutions. First, there is a model from the music industry, which is already in use, for example in Switzerland. Second, there is a solution from the private sector, which may need further investigation as to whether it is legally possible.
Change the law.
In Switzerland there is an organization called „SUISA“, whose purpose is to collect money for music usage and distribute it to the artists. There is also an organization called „ProLitteris“, which has the same purpose as SUISA, but for books and journalists. These types of organizations are called „collecting societies“. While ProLitteris has a levy on every printer, SUISA sells the right to play music at larger parties. Both collecting societies are established by copyright law and have the sole purpose of giving artists or authors money.
Such a thing does not currently exist for developers. And here the role of the lawmakers begins: they could create such a system for Open Source Software. It would apply to all Open Source projects, which can opt in and are paid a share.
But the question is how to get the money. The proposal here is that every company that employs developers has to pay an additional tax on its annual revenue, which goes to this organization. Other options are an additional sales tax, or a tax on the developers’ salaries, which the company has to pay. (Note that almost all developers use OSS libraries somewhere.)
Companies that try to circumvent this and get caught should be fined something on the order of a year’s revenue.
This system would reward the time those developers spend and give their projects an additional income, since exposure does not pay their bills. As everyone saw with Log4j, many things depended on a project maintained by one man, and given that such a project runs everything, its value should be large.
Change the licenses (Looking at GPL)
While changing the law is complicated and a process that takes a huge amount of time, there is another option that allows an improvement for the developers. According to Swiss copyright law, the copyright owner can choose who may use his work, when, and under what conditions. Most copyright laws are similar due to international treaties created about a century ago. This allows the creator of a theater piece to say that it may only be performed on Saturdays. The question now arises: what is the connection to Open Source? The answer is that source code also falls under this law.
We now see that every piece of code is protected by copyright and therefore the creator can set the conditions. While the current licenses only allow or disallow commercial use, the creator could change the conditions. Therefore the following condition may be a solution:
The use of the software/library is free as long as it is only used in private projects by individuals. The use of the software/library in companies or for profit is allowed if and only if the company pays this project an amount proportional to the work the project does for them. (This should be refined by a lawyer, but the meaning is clear.)
This is a solution to the problem if everyone abides by the license. But the problem is that some will not. This was made public by a case where a Chinese streamer went to a company to force them to publish their source code. They complied, and in the video she said that she did not believe it was malicious behavior by the company; it was more a matter of forgetting. (Note that this is probably only one example and in no way representative.)
Therefore, to give this license agreement its teeth, there has to be an organization that takes a company to court if it violates these rules.
In the end
While the latter option may have its struggles, it may in the short term be the only practicable option, since changing the law takes much time and requires a party that wants these changes. But society should not let the Open Source community die just because this work is not rewarded. And changing the license is a complicated action with many legal loopholes.
Therefore it is necessary that our society takes a step forward and shows that it values such things.
This is all in the context that many things depend on Open Source Software.
Please state your viewpoint in the comments.