Levin: Well, one of the risks is that if there's a proprietary software company, that the proprietary software company comes back and demands new license payments. Also, the terms of the proprietary software company oftentimes explicitly call out that it's prohibited to combine open source with that proprietary software company's code. Alternatively, with open source licenses, if you don't use them properly you could be identified on Slashdot (http://slashdot.org/) or t he FSF (http://www.fsf.org/), the Free Software Foundation. You could be involved with discussions with them.
InfoWorld: How would somebody find out if you're using software that you're not supposed to, other than a disgruntled employee? How would somebody get caught, whether they're doing it knowingly or not?
Levin: Disgruntled employees are one of the sources. Typically, those are the people who identify those companies on Slashdot or other sites, maybe in their blogs. The other way is reverse-engineering. So there's a whole group of cases that have been brought by a guy named Harald Welte, who is a guy who maintains a site called gpl-violations.org (http://gpl-violations.org/). And I forgot -- I don't know the exact number of cases that he brought, somewhere in the neighborhood of 12 to 17 cases, mainly GPL-oriented and mainly involving embedded software, where he reverse-engineered the software, rather the hardware and software in some cases. And he was able to identify the GPL in there. So he's brought the litigation in German courts, but there's also been litigation in Danish courts, in Korea, and there have been several cases in the U.S. So the answer to the question is, Usually it's reverse-engineering. Sometimes it's disgruntled employees. Sometimes it's literally source code that has been shared in OEM cases or in other cases and the company just unknowingly did it. And the final thing is that a lot of times the software is identified as a matter of a due diligence during the course of financial transactions. And it does affect the price of the ultimate deal, or it has in the past. The reason why it's less so today is because increasingly companies are using Black Duck on-demand in their financial transactions.
InfoWorld: Your services would cover companies that are selling software or just developing it in-house for their own use, correct?
Levin: Yes, the whole world of enterprises using it for in-house purposes, as well as [a] separate world of software developers, technology companies, embedded software developers, that whole group, who are either reselling software or selling their companies or financing their companies.