Compliance Toolkit

Fortinet accused of GPL violation

Ingrid Marson ZDNet.co.uk

Published: 14 Apr 2005 17:10 BST

Security vendor Fortinet has been accused of misusing software licensed under the GPL.

Harald Welte, a Linux kernel developer who runs gpl-violations.org, said on Thursday that he has obtained a preliminary injunction against Fortinet, banning them from distributing their products until they comply with the conditions of the GPL.

The injunction was granted by the Munich District Court after Fortinet failed to respond to an earlier warning letter.

Fortinet had not responded to requests for comment at the time of writing.

Welte claimed that the binary code in some Fortinet products appears to have used GPL-licensed code, including parts of the Linux kernel, but that the company has not made the source code and licence text available when distributing the code as is required by the GPL.

He further claimed that the company tried to hide the use of GPL code by using cryptographic techniques.

"This violation by Fortinet is especially egregious since the vendor not only violated the GPL, but actively tried to hide that violation," said Welte in a statement. "We are not in any way opposed to the commercial use of free and open source software and there is no legal risk of using GPL licensed software in commercial products. But vendors have to comply with the license terms, just like they would have to with any other software licence agreement."

The application in question is FortiOS, the operating system included in some of Fortinet's products such as its FortiGate antivirus firewalls.

Since setting up the gpl-violations.org project in 2004, Welte has negotiated more than 30 out-of-court settlement agreements. Last month, he personally handed over warning letters to 13 technology companies at CeBIT, including telecoms giant Motorola and PC manufacturer Acer.

ZDNet UK recently spoke to Welte about his methods and the motivation behind gpl-violations.org. You can read the full interview here.