1 week Ago
Patent trolls are a growing challenge for the software industry. And the Linux Foundation has launched a large campaign to snuff them out. Attendees at the annual cloud-native software developers conference known as Kubecon this week were surprised at the force with which the Linux Foundation highlighted the growing legal and regulatory issues facing the open-source software industry.
Legal organizations called non-practicing entities, commonly referred to as patent trolls, have been increasingly targeting open-source software. The Linux Foundation and its Cloud Native Computing Foundation division led with the topic of patent trolls and software regulation at the opening keynote on Wednesday here in Salt Lake City and announced the Cloud Native Hero Challenge , which rewards developers for identifying prior art and other evidence to invalidate predatory patents. This follows a recent successful bounty operation by Cloudflare to combat patent trolling .
“It’s unfortunate [that they have to do something], but looking at the success of CNCF, it is expected,” said Anirban Sengupta, CTO and SVP of Engineering at Aviatrix and former senior director of Google Kubernetes Engine and Anthos. “It is great to see CNCF and Linux foundation have a plan to deal with it” The risks of patent trolls is especially acute in the cloud industry, where open-source projects such as Kubernetes are becoming part of the fabric of cloud infrastructure. Patent trolling poses a huge threat to businesses.
With an estimated 80% of businesses using some form of OSS, a successful patent challenge to an open-source project could threaten the operation of everyday software services and applications. “We’ve Got to Stop It” Linux Foundation executive director Jim Zemlin sent a clear message that an escalation of patent troll activity, in which legal entities patent pieces of open-source code and then launch legal challenges to people using it, is a huge challenge in the software industry. “We’ve got to stop it,” Zemlin said in a press conference here at the event.
The addition of the Cloud Native Hero Challenge uses a crowdsourcing approach to stop the trolls. This follows other recent efforts. In September, the CNCF announced a partnerhip with Unified Patents to raise resources to fight the legal challenges.
Zemlin said that if the open-source community can make life difficult for the patent trolls, they’ll go elsewhere where there is less resistance. Growing Legal and Regulatory Overhead In addition to the patent-troll threat, Zemlin said the Linux Foundation and other open-source organizations are seeing increased legal and regulatory burdens. “The big moving pieces are legal changes, regulatory challenges, and cybersecurity challenges,” said Zemlin.
“What do we do to deal with the trifecta of challenges? We work on the challenges collectively.” Some of the examples cited by Zemlin include patent trolling as well as ongoing legal activities such as federal subpoenas, AI legislation, and cease-and-desist orders. "This is a significant increase in activity,” Zemlin said about the Linux Foundation’s legal and regulatory challenges.
“Open source is becoming a more regulated part of the world. That's probably not a horrible thing. But the days of minimal oversight are retiring.
" In the ongoing battle over the fork of the open-source Terraform code, which involves HashiCorp and the open-source project OpenTofu, both sides have been occupying the CNCF’s time with legal salvos. HashiCorp in particular has been sending cease-and-desist orders over code being used in OpenTofu. “We support the right to fork,” said Zemlin.
“In this case what matters is adhering to strict intellectual property rules.” Alex Williams, founder and publisher of the New Stack, a publication that covers open-source and DevOps themes, said the issues brought up by the Linux Foundation reflect the increased regulatory and security demands of software, especially in the open-source community. “I was surprised [by the force of the message], but leading technologists have been warning us about this for several years,” Williams told me.
“You are seeing the coming regulation of software, the government being more forceful doing things such as eliminating C and C++ [code]. There is a security angle.” Partnership with Unified Patents By teaming with Unified Patents, the CNCF and Linux Foundation believe they can have an impact.
Unified Patents collects data that shows that NPE patent challenges have been increasing in general but have backed off a bit in the last couple of years. For example, in 2015 there were just 32 NPE patent infringement claims against cloud-native OSS projects. That number rose to a high of 198 in 2021.
The numbers did drop to 162 in 2022 and 126 in 2023. However, those numbers by no means show the problem has abated. And with the increased use of OSS in major software projects including AI, the patent challenges present a threat to some of the largest businesses in the world, which are using OSS.
For example, Kubernetes, a major OSS effort in compute, is used by most AI applications. With all these challenges coming to the fore, the message here at Kubecon has been clear: The OSS community will be escalating its fight to protect code.
