Is the SAP community learning from the No Ears Rabbit legal battle?
One of the reasons given by the court for its ruling in the Keinohrhasen case was that "due to the above-average success of the films, there were indications that the plaintiff might be entitled to further participation". Copyright law provides for the "subsequent adjustment of an originally appropriate remuneration in the event of above-average success". Even though this case "only" concerns books and films, Sections 32 et seq. of the Copyright Act nevertheless apply by analogy to all works protected by copyright, including software.
So-called open source license trolls have developed a flourishing business and have successfully sued many companies, such as telecom providers, for six- to seven-figure euro amounts. Even though license terms such as the LGPL or other copyleft clauses are still the focus of lawsuits against users of open source software, the case described above could further stimulate the business of license plaintiffs and their lawyers.
For many years, E-3 Magazine Editor-in-Chief Peter Färbinger has been telling us that educational work is important for the SAP community. The same applies to companies and software developers, because without a complete overview of which software (including open source) is being used, in which version and under which licensing conditions, no one can reliably assess licensing or potential security risks.
Since most companies use at least dozens, and usually hundreds or thousands, of different open source components, this is a very difficult task. However, there are proven solutions that automatically search for the open source components used in the company and warn when components do not meet management's licensing requirements, are outdated, or have known security vulnerabilities.
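To make this concrete, here is an added illustration (not code from VersionEye, Snyk or any other product named here) of the kind of policy check such a tool performs: it walks a component inventory and flags denied copyleft licenses, licenses needing review, outdated versions and versions with a known advisory. The inventory, the license policy, the "latest release" table and the advisory identifier are all constructed for the example.

```python
# Added example: software-composition policy check over a constructed inventory.
# A real tool would read a generated SBOM and query a vulnerability database.
from dataclasses import dataclass

# Constructed inventory, as a dependency scan of one application might yield it.
INVENTORY = [
    {"name": "libfoo", "version": "1.2.0", "license": "MIT"},
    {"name": "libbar", "version": "0.9.1", "license": "GPL-3.0-only"},
    {"name": "libbaz", "version": "2.0.0", "license": "LGPL-2.1-only"},
    {"name": "libqux", "version": "3.1.0", "license": "Apache-2.0"},
]
# Constructed management policy: strong copyleft is denied, weak copyleft needs legal review.
DENIED_LICENSES = {"GPL-2.0-only", "GPL-3.0-only", "AGPL-3.0-only"}
REVIEW_LICENSES = {"LGPL-2.1-only", "LGPL-3.0-only", "MPL-2.0"}
# Constructed reference data: newest known release, and versions with an advisory (placeholder id).
LATEST = {"libfoo": "1.4.0", "libbar": "0.9.1", "libbaz": "2.0.0", "libqux": "3.1.0"}
VULNERABLE = {("libqux", "3.1.0"): "EXAMPLE-ADVISORY-0001"}

@dataclass(frozen=True)
class Finding:
    component: str
    version: str
    kind: str     # license-denied | license-review | outdated | vulnerable
    detail: str

def parse_version(v: str) -> tuple:
    """Turn a dotted version into a comparable tuple; non-numeric parts count as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in v.split("."))

def check_inventory(inventory, denied, review, latest, vulnerable):
    """Return one Finding per policy violation found in the inventory."""
    findings = []
    for c in inventory:
        name, ver, lic = c["name"], c["version"], c["license"]
        if lic in denied:
            findings.append(Finding(name, ver, "license-denied", lic))
        elif lic in review:
            findings.append(Finding(name, ver, "license-review", lic))
        newest = latest.get(name)
        if newest and parse_version(ver) < parse_version(newest):
            findings.append(Finding(name, ver, "outdated", f"latest is {newest}"))
        if (name, ver) in vulnerable:
            findings.append(Finding(name, ver, "vulnerable", vulnerable[(name, ver)]))
    return findings

if __name__ == "__main__":
    for f in check_inventory(INVENTORY, DENIED_LICENSES, REVIEW_LICENSES, LATEST, VULNERABLE):
        print(f"{f.kind:15} {f.component} {f.version}: {f.detail}")
```

Run against the constructed data it reports four findings: libfoo outdated, libbar denied, libbaz needing review and libqux carrying an advisory.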
Even if this sounds abstract to readers, it becomes an important success criterion at the latest during due diligence, for example for a strategic partnership with SAP (solution extension/premium qualification), venture capital financing or a company takeover (M&A). Especially during the Covid-19 lockdown, when on-site visits were not possible, it became apparent that even with professional preparation, things can remain unclear and complicate or delay M&A negotiations. Without proper tools and preparation, this would likely lead to early termination of negotiations for strategic opportunities.
Regardless of the licensing issue, the number of cyber-security attacks on companies has increased dramatically in recent years, and in 2020 even experienced players such as Software AG were hit hard. Unfortunately, one must also observe that the "quality" of these attacks is reaching completely new levels, and government agencies are increasingly getting involved in cyber attacks, even against companies (see, for example, Stuxnet or the current SolarWinds hack, presumably the largest cyber attack against the Western world). Successful attacks usually cause major economic damage, including downtime, costly damage repair and loss of image.
So what can the SAP community do? Follow Peter Färbinger's recommendation, educate themselves and use open source and security monitoring solutions, such as the free solution VersionEye from Mannheim, which is itself open source and offers both powerful license and security monitoring, or Snyk from Israel for software container monitoring.
Since many companies have partner networks, not only their own security situation should be monitored, but also that of their partners. This is where the LocateRisk solution from Darmstadt comes in. Professional cyber attacks are often characterized by the concealment of the attack and the destruction of forensic traces, including in logs and data backups. This is why the new distributed ledger-based solution Chainkit may be needed.