But what if SCO really did have a claim? Would the Linux world collapse? As soon as SCO made its initial claim, kernel developers asked SCO to tell them what code was "stolen" so that it could be replaced with "legal" code. Had SCO done so, this sanitized kernel could have been offered to the world in a day or two. In the U.S. and most countries, lawsuit awards depend on the value of the damage and whether it was malicious and the fickleness of the jury.
If the damaged code could be replaced with little effort it has no significant value. Its inclusion, had it occurred, clearly was not malicious on the part of the "kernel team" nor by Distributions nor by users. Juries usually root for the little guy. Would a jury rule that a "mom and pop" shop owed money to SCO? I doubt it. SCO would go bankrupt before it filed many of these suits anyway.
Where do we go from here? First, ignore any letters from SCO and assure management that there is no risk in using Linux, only advantages. Point out that had there been stolen code in Microsoft code you would have no more protection and still could be sued successfully by whomever owned the code. Read your Microsoft EULA; you give up any right to sue Microsoft for anything. There is such a suit concerning stolen code in a purchased Microsoft product right now in the U.S. courts. The users probably will lose big.
Be grateful for IBM and Red Hat having the courage to fight SCO rather turn tail and run, tossing money to SCO as Hewlett-Packard did. Be thankful to Eric Raymond and others who volunteered their time to analyze this problem and publicize that there is no threat. Be relieved that Linux developers will be even more careful about IP. Be impressed that the Linux community will protect itself and the world against assault by bullies such as SCO and Microsoft. Tell everyone you know that Linux is the most secure, reliable, and cost-effective solution to their problems and help them transition.
Bob Toxen is author of the new book "Real World Linux Security: Intrusion Prevention, Detection, and Recovery, 2/e", the first edition (available in English, Chinese, and Japanese), one of the 162 official developers of Berkeley Unix, and one of the four programmers who first ported Unix to the Silicon Graphics workstation. The book's web site is www.realworldlinuxsecurity.com. An interview with Bob is available here.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.