Meanwhile, Linux creator Linus Torvalds today said that he has no plans to look at the code and that the battle between SCO, IBM and Novell is on par with a rancorous episode of the Jerry Springer Show.
In an effort to convince the world that the Linux operating system was created in part with its Unix code, SCO said it would begin showing analysts its evidence next week - provided those parties signed a nondisclosure agreement (NDA).
But Giga Information Group analyst Stacey Quandt called the offer a PR stunt. She has discussed SCO's offer with her legal counsel, and if she signs an NDA, it may hinder her ability to write about it. She could also get subpoenaed.
"[SCO] should tell everybody what they have," said Quandt, who has advised Giga clients to continue with their Linux adoption.
Other analyst firms expressed similar reservations about playing an active role in SCO's $1bn lawsuit against IBM, which alleges misappropriation of trade secrets and other claims. SCO has warned some 1,500 businesses that they may be using Linux at their legal peril.
Linux creator Torvalds will not sign a nondisclosure agreement with SCO to review the code. "I don't see much point. They don't want to tell; they want to sue. I'm told that it will come out in discovery during the actual suit at some point."
Torvalds then likened the fight between SCO, IBM and Novell to a TV show. "I found it mostly interesting in a Jerry Springer kind of way. White trash battling it out in public, throwing chairs at each other. SCO crying about IBM's other women. ... Fairly entertaining," he said.
Gartner analyst George Weiss has been talking to SCO and is also leaning against accepting the offer. Weiss said SCO is making its case based on "vague inferences" and is asking analysts to do the same. "It's stepping right into their shoes," he said.
IDC is also mulling the offer from SCO to review source code, but it has reservations. "I'm not sure that showing us the code would prove anything to me, because I don't know where it came from," said IDC analyst Dan Kusnetzky.
Despite the concerns expressed by Gartner, Giga and IDC, SCO chief executive officer Darl McBride said that five or six analysts have expressed interest in viewing the code under NDAs, adding that some "highly recognisable" members of the open-source community have also asked about the NDA process, but he would not give their names.
The value of review by analysts at Giga, IDC, Gartner or any independent source is questionable and legally risky for anyone who agrees to it, said Michael Overly, a partner at the law firm Foley & Lardner. Anyone who reviews the source code can expect to be called to give evidence in the IBM lawsuit. "Do they want to lose all that employee time and face potential adverse publicity?" asked Overly.
But if an analyst says there are copyright infringements, other Linux firms could make claims against the analyst's firm because the opinion could depress Linux earnings. Those companies could seek to find out whether the analyst was negligent in his analysis of the code, said Overly.
Even if there is similar code, that doesn't mean there is infringement, especially under copyright law "fair use" provisions, said Overly. "If I take a piece of code that someone has written, take it verbatim but expand on it and use it for a completely different work, that may or may not be copyright infringement," he said.
Overly said a review of the code by anyone other than a judge "means absolutely, nothing" in determining the merit of SCO's claims.
Regardless of the uncertainties, legal experts said Linux users have to pay attention to the fight. "The fact that you ignored it could, potentially, cause your damages to increase substantially," said Brian Ferguson, an attorney at McDermott, Will & Emery. "The ostrich's head-in-the-sand approach is definitely not an option."
Matthew Furton, an attorney at Gordon & Glickson in Chicago, said it was premature for any company to reduce or eliminate its exposure to Linux.
"The fact that someone is making allegations about proprietary technology [being] inappropriately included doesn't mean that companies should uninstall or cease deployments," he said. "It means they should remain vigilant about the case."Patrick Thibodeau and Todd R.Weiss write for Computerworld