"Open source code is problematic because anonymous people on the Internet design it, and 'holes' are not fixed by vendor updates." Is this FUD from some proprietary software behemoth? No, it's a quote from a recent decision made by a California Court of Appeal.
As attorney Evan Brown noted, 21st Capital Corp. v. Onodi Tooling & Engineering Co. did not hinge on the fact that PostgreSQL is open source software. Indeed, the open nature of the software is basically irrelevant to the facts of the case. Nonetheless, the fact that such a statement would appear in a court ruling is disturbing. We're used to thinking about the legal issues of open source software in terms of intellectual property. Patent, copyright, and licensing issues have been litigated over the years. But these issues are not markedly different for open source software projects.
Copyright is copyright, and open source licenses are just another license. What this case illustrates is the need for judges and lawyers to understand what open source software is: not just software made available under a license, but software that has an accompanying ethos.
Readers of Opensource.com will not be surprised to read that participants in open source projects are not comprised of a monolithic demographic. Projects are run in a variety of ways: some will accept code from anyone so long as it works, while other programmers write the software and then "throw it over the wall" to the user community. Nowhere on that spectrum is "random strangers make driveby commits that immediately affect every installation of that software package." Open source software enthusiasts understand that community-developed software can be just as secure as proprietary packages. Academic research backs this up. The large usage of open source software in government and industry shows that it makes good business sense. And while this is all well and good, it means little if the lawyers and judges in a courtroom don't get it.
Law almost always lags technology—sometimes by a decade or more—and laws are made both by legislatures and by judicial decisions. It's only a matter of time until the very nature of open source software becomes a relevant part of a trial. Fortunately, the 21st Capital case does not establish a citeable precedent about open source software, but the next case might.
It's clear that open source advocates need to work on educating participants in the legal system. Lawyers and judges need to know the law foremost, and it's unreasonable to expect them to have deep knowledge of every possible issue that might arise. Nonetheless, even a passing familiarity can have a profound impact. I'm not sure how best to approach the issue, so if you have ideas, let me know in the comments.