[ RMLL 2013, Bruxelles – Thursday 11th July 2013 ]
Legal analysis of source code
Presenter : Dr Ir Robert Viseur
  1. [ RMLL 2013, Bruxelles – Thursday 11th July 2013 ] Legal analysis of source code. Presenter: Dr Ir Robert Viseur
  2. General context
     • Media coverage about violations of intellectual property in the ICT industry.
     • Intellectual property? Mainly:
       • patents,
       • copyright,
       • industrial design rights,
       • trademarks.
     • Examples: several trials between Apple, Samsung and Nokia about patents, copyright (look & feel) and industrial design rights violations.
  3. Free software context (1/2)
     • Media coverage about free software license violations.
     • Case of gpl-violations.org.
       • Goal: « The gpl-violations.org project tries to raise public awareness about past and present infringing use(r)s of GPL licensed software »
     • Case of the NeoNova and Israpunt trial in the Netherlands.
       • Mixed development -> trial about the use of the closed part (GUI).
       • URL: http://www.techzine.nl/nieuws/26429/israpunt-beschuldigd-van-softwarediefstal.html.
  4. Free software context (2/2)
     • Case of the election software in Belgium.
       • Distribution without license but...
       • One of the files in the source code is available under the terms of the GNU GPL 2 license.
       • URL: https://joinup.ec.europa.eu/news/be-government-publishes-source-code-election-software.
     • Case of multiple violations in mobile application stores.
       • Various violations: lack of notices/attribution files (AL), incompatibilities between licenses,...
       • URL: http://techcrunch.com/2011/03/08/potential-open-source-license-violations-in-android-and-ios-apps/.
  5. Protection of computer software
     • No specific law.
     • Covered by copyright.
     • Possibility to patent software.
       • In particular cases in Europe (e.g. industrial process).
       • Widely used in the United States.
     • Legal rights and duties are explained in licenses (contracts).
     • The licenses are built on copyright but can also refer to commercial brands and patents.
  6. Software licenses
     • Three types of licenses:
       • Proprietary licenses.
         • E.g. EULA (CLUF) for Microsoft software.
       • Hybrid licenses (rare).
         • E.g. former SCSL for Sun Microsystems software.
       • Free software licenses.
         • E.g. AL, BSD, GPL, LGPL,...
         • More or less 70 free software licenses.
  7. Free software licenses (1/2)
     • Two families of free software licenses:
       • Permissive / academic licenses.
       • Copyleft / restrictive licenses (licenses with reciprocity).
     • Three types of licenses with reciprocity.
       • Weak reciprocity.
         • File-based, or not.
       • Strong reciprocity.
       • Network reciprocity.
  8. Free software licenses (2/2)
  9. Issues for companies (1/2)
     • Problem of incompatibilities between free software licenses.
     • Problem of incompatibility between free software licenses and agreements in marketplaces.
  10. Issues for companies (2/2)
     • Problem of specific obligations in free software licenses (e.g. notices, automatic patent license agreement or patent reciprocity, etc.).
     • Problem of commercial brands and patents.
     • Problem of developments mixing free and proprietary source code (e.g. partnerships).
     • (Problem of « wild » copy and paste behaviors).
  11. How to address those issues?
     • Introduce corporate governance rules.
       • See for example the « Open Source Review Board » at Hewlett-Packard (Gobeille, 2008).
     • Take account of license constraints in the modelling of the software (architecture).
       • See for example the « Software Architecture License Traceability Analysis » tool based on ArchStudio4 or...
       • « OSSLI » (Open Source Software Licensing) tool based on Eclipse and Papyrus (Alspaugh et al., 2009; Lokhman et al., 2012).
     • Conduct a legal analysis of source code.
       • See for example FOSSology (www.fossology.org).
  12. Tools for legal analysis of source code
     • Proprietary software: Black Duck Software.
     • Available open source tools:
       • The most famous: FOSSology (see http://www.fossology.org).
       • The lightest: Ohcount (see http://www.ohloh.net/p/ohcount).
       • Others: ASLA (see http://asla.sourceforge.net/), LIDESC (see http://www.mibsoftware.com/librock/lidesc/), etc.
     • Some criteria of choice:
       • availability,
       • ease of installation,
       • lightness,
       • support of licenses (+ precision / recall),
       • community,
       • updates.
  13. Presentation of Ohcount, Find and Grep (1/2)
     • Ohcount:
       • Formally: source code line counter.
       • But...
  14. Presentation of Ohcount, Find and Grep (2/2)
     • Ohcount:
       • Option « -l, --license »: display detected licensing information contained in each source code file.
       • Available in Synaptic.
     • Find: search for files in a directory hierarchy.
     • Grep, egrep, fgrep: print lines matching a pattern.
  15. What we used
     • Ohcount for collecting licensing information.
     • Find and grep for detecting files related to attributions, patents or commercial brands.
       • List of keywords and...
       • Matching with filenames or textual content.
     • Output: report (in HTML format) processed by a configurable PHP script.
  16. Example 1: simple library
     • Detection of forgotten licensed files:
  17. Example 2: free software suite (1/4)
     • Detection of attributions (by filename / by content):
  18. Example 2: free software suite (2/4)
     • Detection of commercial brands (by filename / by content):
  19. Example 2: free software suite (3/4)
     • Detection of patents (by filename / by content):
  20. Example 2: free software suite (4/4)
     • Detection of licenses (information from Ohcount):
  21. Limitations of the method
     • Some crashes with Ohcount in big file trees.
     • Problem with the version of the license (Ohcount).
       • Example: GPL v2, GPL v2+ or GPL v3.
     • Pay attention to the files covered by several licenses.
     • Pay attention to the list of supported licenses.
     • Don't be afraid of false positives...
     • No architectural view.
     • No recognition of open content (e.g. CC) or open data licenses.
  22. Stay tuned
     • Some planned improvements on the script.
       • Examples: recognition of CC licenses, better filtering of find/grep outputs, deeper analysis of tables (licenses), etc.
     • Fast evolution of tools.
       • Example: FOSSology 2.2.0 released in June 2013.
     • Interest in integration with source code analysis software.
       • Example: plugin for FOSSology in the wish list of Sonar (www.sonarqube.org).
       • URL: http://docs.codehaus.org/display/SONAR/Plugins+under+development.
  23. Thanks for your attention. Any questions?
  24. Useful additional readings...
     • Alspaugh, T.A., Asuncion, H.U., & Scacchi W. (2009), « Intellectual property rights requirements for heterogeneously-licensed systems », 17th IEEE International Requirements Engineering Conference (RE’09), pp. 24–33, August 31 - September 4, 2009.
     • Gobeille, R. (2008), « The FOSSology project », MSR '08 Proceedings of the 2008 international working conference on Mining software repositories.
     • Lokhman, A., Luoto, A., Abdul-Rahman, S., & Hammouda, I. (2012), « OSSLI: Architecture Level Management of Open Source Software Legality Concerns », Open Source Systems: Long-Term Sustainability, pp. 356-361, Springer Berlin Heidelberg.
     • Tuunanen, T., Koskinen, J., & Kärkkäinen, T. (2006), « Retrieving open source software licenses », Open Source Systems, pp. 35-46, Springer US.
     • Viseur, R. (2011), « La valorisation des logiciels libres en entreprise », Jeudis du Libre, Université de Mons, 15 septembre 2011.
     • Viseur, R. (2012), « Gérer la propriété intellectuelle dans les projets à base de logiciels libres », 17ème conférence de l'Association Information et Management, Mai 2012.
  25. Contact
     • Dr Ir Robert Viseur
     • Email (@CETIC): robert.viseur@cetic.be
     • Email (@UMONS): robert.viseur@umons.ac.be
     • Phone: 0032 (0) 479 66 08 76
     • Website: www.robertviseur.be
     • This presentation is covered by « CC-BY-ND » license.
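
The find/grep step from the « What we used » slide, as an added example that is not the presenter's script: each category's keyword list is matched against filenames and against file contents, and `ohcount -l` is called only if it is installed. The keyword lists, function names and sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not the presenter's script. Keyword lists are assumptions.

# keywords_for CATEGORY: extended regex of keywords for one category.
keywords_for() {
    case "$1" in
        attribution) echo 'notice|authors|credits|contributors' ;;
        patent)      echo 'patent' ;;
        brand)       echo 'trademark|registered mark' ;;
        *)           return 1 ;;
    esac
}

# scan_names CATEGORY DIR: files whose name (last path component) has a keyword.
scan_names() {
    re=$(keywords_for "$1") || return 1
    find "$2" -type f | grep -Ei "/[^/]*($re)[^/]*\$" | LC_ALL=C sort
}

# scan_content CATEGORY DIR: files whose content has a keyword.
# Binary files are searched too, since embedded notices matter in this review.
scan_content() {
    re=$(keywords_for "$1") || return 1
    find "$2" -type f -exec grep -lEi -e "$re" {} + | LC_ALL=C sort
}

# report DIR: plain-text report; adds Ohcount's license listing when installed.
report() {
    for c in attribution patent brand; do
        echo "== $c (by filename)"; scan_names "$c" "$1"
        echo "== $c (by content)";  scan_content "$c" "$1"
    done
    if command -v ohcount >/dev/null 2>&1; then
        echo "== licenses (ohcount -l)"; ohcount -l "$1"
    fi
}

# make_sample DIR: constructed source tree used as sample input.
make_sample() {
    mkdir -p "$1/lib" "$1/doc"
    echo 'This product includes software developed by Example Corp.' > "$1/NOTICE"
    echo 'Alice <alice@example.org>' > "$1/doc/AUTHORS.txt"
    echo '/* Covered by patent no. PLACEHOLDER. See NOTICE. */' > "$1/lib/codec.c"
    echo 'FooSuite is a registered trademark of Example Corp.' > "$1/doc/README"
    echo 'int main(void) { return 0; }' > "$1/lib/main.c"
}

demo=$(mktemp -d) && make_sample "$demo" && report "$demo"
rm -rf "$demo"
```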
