SlideShare a Scribd company logo
[ RMLL 2013, Bruxelles – Thursday 11th
July 2013 ]
Legal analysis of source code
Presenter : Dr Ir Robert Viseur
2
General context
• Media coverage about violations of intellectual
property in ICT industry.
• Intellectual property ? Mainly:
• patents,
• copyright,
• industrial design rights,
• trademarks.
• Examples: several trial between Apple, Samsung
and Nokia about patents, copyright (look&feel)
and industrial design rights violation.
3
Free software context (1/2)
• Media coverage about free software licenses
violation.
• Case of gpl-violations.org.
• Goal: « The gpl-violations.org project tries to raise public
awareness about past and present infringing use(r)s of GPL
licensed software »
• Case of NeoNova et Israpunt trial in Netherlands.
• Mixed development -> trial about the use of closed part
(GUI).
• URL: http://www.techzine.nl/nieuws/26429/israpunt-
beschuldigd-van-softwarediefstal.html.
4
Free software context (2/2)
• Case of the election software in Belgium.
• Distribution without license but...
• One of the files in the source code available under the terms of the
GNU GPL 2 license.
• URL: https://joinup.ec.europa.eu/news/be-government-
publishes-source-code-election-software.
• Case of multiple violations in mobile applications store.
• Various violations: lack of notices/attribution files (AL),
incompatibilities between licenses,...
• URL: http://techcrunch.com/2011/03/08/potential-open-source-
license-violations-in-android-and-ios-apps/.
5
Protection of computer softwares
• No specific law.
• Covered by copyright.
• Possibility to patent software.
• In particular cases in Europe (e.g. industrial
process).
• Widely used in United States.
• Legal rights and duties explained in licenses
(contracts).
• The licenses are build on copyright but can also
refer to commercial brands and patents.
6
Software licenses
• Three types of licenses:
• Proprietary licenses.
• E.g. CLUF for Microsoft softwares.
• Hybrid licences (rare).
• E.g. former SCSL for Sun Microsystems softwares.
• Free software licenses.
• E.g. AL, BSD, GPL, LGPL,...
• More or less 70 free software licenses.
7
Free software licenses (1/2)
• Two families of free software licenses:
• Permissive / academic licenses.
• Copyleft / restrictive licenses (licenses with
reciprocity).
• Three types of licenses with reciprocity.
• Weak reciprocity.
• File-based, or not.
• Strong reciprocity.
• Network reciprocity.
8
Free software licenses (2/2)
9
Issues for companies (1/2)
• Problem of incompatibilities
between free software
licenses.
• Problem of incompatibily
between free software licenses
and agreements in
marketplaces.
10
Issues for companies (2/2)
• Problem of specific obligations in free sofware
licenses (e.g. notices, automatic patent license
agreement or patent reciprocity, etc.).
• Problem of commercial brands and patents.
• Problem of developments mixing free and
proprietary source codes (e.g. partnerships).
• (Problem of « wild » copy and paste behaviors).
11
How to address those issues ?
• Introduce corporate governance rules.
• See for example the « Open Source Review Board » at
Hewlett-Packard (Gobeille, 2008).
• Take account of license constraints in the modelling of
the software (architecture).
• See for example the « Software Architecture License
Tracability Analysis » tool based on ArchStudio4 or...
• « OSSLI » (Open Source Software Licensing) tool based on
Eclipse and Papyrus (Alspaugh et al., 2009; Lokhman et
al., 2012).
• Conduct a legal analysis of source code.
• See for example FOSSology (www.fossology.org).
12
Tools for legal analysis
of source code
• Proprietary software: Black Duck Software.
• Available open source tools:
• The most famous: FOSSology (see http://www.fossology.org).
• The lightest: Ohcount (see http://www.ohloh.net/p/ohcount).
• Others: ASLA (see http://asla.sourceforge.net/), LIDESC (see
http://www.mibsoftware.com/librock/lidesc/), etc.
• Some criteria of choice:
• availability,
• ease of installation,
• lightness,
• support of licenses (+ precision / recall),
• community,
• updates.
13
Presentation of Ohcount,
Find and Grep (1/2)
• Ohcount:
• Formally: source code line counter.
• But...
14
Presentation of Ohcount,
Find and Grep (2/2)
• Ohcount:
• Option « -l, --license » : display detected licensing
information contained in each source code file.
• Available in Synaptic.
• Find: search for files in a directory hierarchy.
• Grep, egrep, fgrep: print lines matching a pattern.
15
What we used
• Ohcount for collecting licensing information.
• Find and grep for detecting files related to
attributions, patents or commercial brands.
• List of keywords and...
• Matching with filenames or textual content.
• Output: report (in HTML format) processed by
configurable PHP script.
16
Example 1: simple library
• Detection of forgotten licensed files:
17
Example 2: free software suite
(1/4)
• Detection of attributions (by filename / by
content):
18
Example 2: free software suite
(2/4)
• Detection of commercial brands (by filename / by
content):
19
Example 2: free software suite
(3/4)
• Detection of patents (by filename / by content):
20
Example 2: free software suite
(4/4)
• Detection of licenses (information from Ohcount) :
?!
?!
21
Limitations of the method
• Some crashes with Ohcount in big file trees.
• Problem with the version of the license (Ohcount).
• Example: GPL v2, GPL v2+ or GPL v3.
• Pay attention to the files covered by several
licenses.
• Pay attention to the list of supported licenses.
• Don't be afraid by false positives...
• No architectural view.
• No recognition of open content (e.g. CC) or open
data licenses.
22
Stay tuned
• Some planned improvement on the script.
• Examples : recognition of CC licenses, better filtering of
find/grep outputs, deeper analyze of tables (licenses), etc.
• Fast evolution of tools.
• Example : FOSSology 2.2.0 released in June 2013.
• Interest in integration with source code analysis softwares.
• Example: plugin for FOSSology in the wish list of Sonar
(www.sonarqube.org).
• URL:
http://docs.codehaus.org/display/SONAR/Plugins+under+
development.
23
Thanks for your attention.
Any questions ?
24
Useful additional readings...
• Alspaugh, T.A., Asuncion, H.U., & Scacchi W. (2009), « Intellectual property rights
requirements for heterogeneously-licensed systems », 17th IEEE International Requirements
Engineering Conference (RE’09), pp. 24–33, Augustus 31 - September 4, 2009.
• Gobeille, R. (2008), « The FOSSology project », MSR '08 Proceedings of the 2008 international
working conference on Mining software repositories.
• Lokhman, A., Luoto, A., Abdul-Rahman, S., & Hammouda, I. (2012), « OSSLI: Architecture
Level Management of Open Source Software Legality Concerns », Open Source Systems: Long-
Term Sustainability, pp. 356-361, Springer Berlin Heidelberg.
• Tuunanen, T., Koskinen, J., & Kärkkäinen, T. (2006). « Retrieving open source software
licenses », Open Source Systems, pp. 35-46, Springer US.
• Viseur, R. (2011), « La valorisation des logiciels libres en entreprise », Jeudis du Libre,
Université de Mons, 15 septembre 2011.
• Viseur, R. (2012), « Gérer la propriété intellectuelle dans les projets à base de logiciels
libres », 17ème conférence de l'Association Information et Management, Mai 2012.
25
Contact
Dr Ir Robert Viseur
Email (@CETIC) : robert.viseur@cetic.be
Email (@UMONS) : robert.viseur@umons.ac.be
Phone : 0032 (0) 479 66 08 76
Website : www.robertviseur.be
This presentation is covered by « CC-BY-ND » license.

More Related Content

Similar to Legal analysis of source code

Introduction to License Compliance and My research (D. German)
Introduction to License Compliance and My research (D. German)Introduction to License Compliance and My research (D. German)
Introduction to License Compliance and My research (D. German)
dmgerman
 
Using oss at an internet company and hacker culture; Linux Enterprise Users M...
Using oss at an internet company and hacker culture; Linux Enterprise Users M...Using oss at an internet company and hacker culture; Linux Enterprise Users M...
Using oss at an internet company and hacker culture; Linux Enterprise Users M...
Hiro Yoshioka
 
Using oss and hacker culture at an internet company at osc/tokyo 2014/03/01
Using oss and hacker culture at an internet company at osc/tokyo 2014/03/01Using oss and hacker culture at an internet company at osc/tokyo 2014/03/01
Using oss and hacker culture at an internet company at osc/tokyo 2014/03/01
Hiro Yoshioka
 
Business models of open hardware
Business models of open hardwareBusiness models of open hardware
Business models of open hardware
Robert Viseur
 
Open Source Hardware for Dummies
Open Source Hardware for DummiesOpen Source Hardware for Dummies
Open Source Hardware for Dummies
Robert Viseur
 
Open Source & Open Development
Open Source & Open Development Open Source & Open Development
Open Source & Open Development
Sander van der Waal
 
L'open hardware dans l'électronique (et au delà...)
L'open hardware dans l'électronique (et au delà...)L'open hardware dans l'électronique (et au delà...)
L'open hardware dans l'électronique (et au delà...)
Robert Viseur
 
HP Fossology v5.3
HP Fossology v5.3HP Fossology v5.3
Open source caqdas what is in the box and what is missing
Open source caqdas what is in the box and what is missingOpen source caqdas what is in the box and what is missing
Open source caqdas what is in the box and what is missing
Merlien Institute
 
Drupal Dev Days Vienna 2023 - What is the secure software supply chain and th...
Drupal Dev Days Vienna 2023 - What is the secure software supply chain and th...Drupal Dev Days Vienna 2023 - What is the secure software supply chain and th...
Drupal Dev Days Vienna 2023 - What is the secure software supply chain and th...
sparkfabrik
 
An Open Source Workshop
An Open Source WorkshopAn Open Source Workshop
An Open Source Workshop
halehmahbod
 
A Method to Detect License Inconsistencies for Large-Scale Open Source Projects
A Method to Detect License Inconsistencies for Large-Scale Open Source ProjectsA Method to Detect License Inconsistencies for Large-Scale Open Source Projects
A Method to Detect License Inconsistencies for Large-Scale Open Source Projects
Yuhao Wu
 
01 Richard Owens W I P O
01   Richard  Owens   W I P O01   Richard  Owens   W I P O
01 Richard Owens W I P O
Heidy Balanta
 
Open-Source Software Panel - IP Track
Open-Source Software Panel - IP TrackOpen-Source Software Panel - IP Track
Open-Source Software Panel - IP Track
Aaron G. Sauers, CLP
 
Open Development
Open DevelopmentOpen Development
Open Development
Jody Garnett
 
Open Source in the Enterprise: Compliance and Risk Management
Open Source in the Enterprise: Compliance and Risk ManagementOpen Source in the Enterprise: Compliance and Risk Management
Open Source in the Enterprise: Compliance and Risk Management
Sebastiano Cobianco
 
Open Source and Accesssiblity - t12t meetup 181122
Open Source and Accesssiblity - t12t meetup 181122Open Source and Accesssiblity - t12t meetup 181122
Open Source and Accesssiblity - t12t meetup 181122
Erik Zetterström
 
Ubucon 2013, licensing and packaging OSS
Ubucon 2013, licensing and packaging OSSUbucon 2013, licensing and packaging OSS
Ubucon 2013, licensing and packaging OSS
Nuno Brito
 
Using Open Source for Enterprise
Using Open Source for EnterpriseUsing Open Source for Enterprise
Using Open Source for Enterprise
Eric Fesler
 
Open Source Software Concepts
Open Source Software ConceptsOpen Source Software Concepts
Open Source Software Concepts
JITENDRA LENKA
 

Similar to Legal analysis of source code (20)

Introduction to License Compliance and My research (D. German)
Introduction to License Compliance and My research (D. German)Introduction to License Compliance and My research (D. German)
Introduction to License Compliance and My research (D. German)
 
Using oss at an internet company and hacker culture; Linux Enterprise Users M...
Using oss at an internet company and hacker culture; Linux Enterprise Users M...Using oss at an internet company and hacker culture; Linux Enterprise Users M...
Using oss at an internet company and hacker culture; Linux Enterprise Users M...
 
Using oss and hacker culture at an internet company at osc/tokyo 2014/03/01
Using oss and hacker culture at an internet company at osc/tokyo 2014/03/01Using oss and hacker culture at an internet company at osc/tokyo 2014/03/01
Using oss and hacker culture at an internet company at osc/tokyo 2014/03/01
 
Business models of open hardware
Business models of open hardwareBusiness models of open hardware
Business models of open hardware
 
Open Source Hardware for Dummies
Open Source Hardware for DummiesOpen Source Hardware for Dummies
Open Source Hardware for Dummies
 
Open Source & Open Development
Open Source & Open Development Open Source & Open Development
Open Source & Open Development
 
L'open hardware dans l'électronique (et au delà...)
L'open hardware dans l'électronique (et au delà...)L'open hardware dans l'électronique (et au delà...)
L'open hardware dans l'électronique (et au delà...)
 
HP Fossology v5.3
HP Fossology v5.3HP Fossology v5.3
HP Fossology v5.3
 
Open source caqdas what is in the box and what is missing
Open source caqdas what is in the box and what is missingOpen source caqdas what is in the box and what is missing
Open source caqdas what is in the box and what is missing
 
Drupal Dev Days Vienna 2023 - What is the secure software supply chain and th...
Drupal Dev Days Vienna 2023 - What is the secure software supply chain and th...Drupal Dev Days Vienna 2023 - What is the secure software supply chain and th...
Drupal Dev Days Vienna 2023 - What is the secure software supply chain and th...
 
An Open Source Workshop
An Open Source WorkshopAn Open Source Workshop
An Open Source Workshop
 
A Method to Detect License Inconsistencies for Large-Scale Open Source Projects
A Method to Detect License Inconsistencies for Large-Scale Open Source ProjectsA Method to Detect License Inconsistencies for Large-Scale Open Source Projects
A Method to Detect License Inconsistencies for Large-Scale Open Source Projects
 
01 Richard Owens W I P O
01   Richard  Owens   W I P O01   Richard  Owens   W I P O
01 Richard Owens W I P O
 
Open-Source Software Panel - IP Track
Open-Source Software Panel - IP TrackOpen-Source Software Panel - IP Track
Open-Source Software Panel - IP Track
 
Open Development
Open DevelopmentOpen Development
Open Development
 
Open Source in the Enterprise: Compliance and Risk Management
Open Source in the Enterprise: Compliance and Risk ManagementOpen Source in the Enterprise: Compliance and Risk Management
Open Source in the Enterprise: Compliance and Risk Management
 
Open Source and Accesssiblity - t12t meetup 181122
Open Source and Accesssiblity - t12t meetup 181122Open Source and Accesssiblity - t12t meetup 181122
Open Source and Accesssiblity - t12t meetup 181122
 
Ubucon 2013, licensing and packaging OSS
Ubucon 2013, licensing and packaging OSSUbucon 2013, licensing and packaging OSS
Ubucon 2013, licensing and packaging OSS
 
Using Open Source for Enterprise
Using Open Source for EnterpriseUsing Open Source for Enterprise
Using Open Source for Enterprise
 
Open Source Software Concepts
Open Source Software ConceptsOpen Source Software Concepts
Open Source Software Concepts
 

More from Robert Viseur

La PI dans les espaces de co-création et d'innovation ouverte. Propriété inte...
La PI dans les espaces de co-création et d'innovation ouverte. Propriété inte...La PI dans les espaces de co-création et d'innovation ouverte. Propriété inte...
La PI dans les espaces de co-création et d'innovation ouverte. Propriété inte...
Robert Viseur
 
L'écosystème régional du Big Data
L'écosystème régional du Big DataL'écosystème régional du Big Data
L'écosystème régional du Big Data
Robert Viseur
 
Piloter son appareil photo numérique avec des logiciels libres
Piloter son appareil photo  numérique avec des logiciels  libresPiloter son appareil photo  numérique avec des logiciels  libres
Piloter son appareil photo numérique avec des logiciels libres
Robert Viseur
 
Exploiter les données issues de Wikipedia
Exploiter les données issues de WikipediaExploiter les données issues de Wikipedia
Exploiter les données issues de Wikipedia
Robert Viseur
 
De l’open source à l’open cloud
De l’open source à l’open cloudDe l’open source à l’open cloud
De l’open source à l’open cloud
Robert Viseur
 
Développer ses photos avec RawTherapee
Développer ses photos avec RawTherapeeDévelopper ses photos avec RawTherapee
Développer ses photos avec RawTherapee
Robert Viseur
 
Convertir ses photos en N/B avec Gimp
Convertir ses photos en N/B avec GimpConvertir ses photos en N/B avec Gimp
Convertir ses photos en N/B avec Gimp
Robert Viseur
 
L'open hardware : l'ouverture au service de l'innovation
L'open hardware : l'ouverture au service de l'innovationL'open hardware : l'ouverture au service de l'innovation
L'open hardware : l'ouverture au service de l'innovation
Robert Viseur
 
Pechakucha (Mons) : Street Art à Mons
Pechakucha (Mons) : Street Art à MonsPechakucha (Mons) : Street Art à Mons
Pechakucha (Mons) : Street Art à Mons
Robert Viseur
 
Analyse des concepts de Fab Lab, Living Lab et Hub créatif
Analyse des concepts de Fab Lab, Living Lab et Hub créatifAnalyse des concepts de Fab Lab, Living Lab et Hub créatif
Analyse des concepts de Fab Lab, Living Lab et Hub créatif
Robert Viseur
 
Pratiques innovantes dans le secteur automobile: du champion de produit à l'i...
Pratiques innovantes dans le secteur automobile: du champion de produit à l'i...Pratiques innovantes dans le secteur automobile: du champion de produit à l'i...
Pratiques innovantes dans le secteur automobile: du champion de produit à l'i...
Robert Viseur
 
Etude du secteur des prestataires FLOSS en Belgique
Etude du secteur des prestataires FLOSS en BelgiqueEtude du secteur des prestataires FLOSS en Belgique
Etude du secteur des prestataires FLOSS en Belgique
Robert Viseur
 
Hacker son appareil photo avec des outils libres
Hacker son appareil photo avec des outils libresHacker son appareil photo avec des outils libres
Hacker son appareil photo avec des outils libres
Robert Viseur
 
Comment gérer le risque de lock-in technique en cas d'usage de services de cl...
Comment gérer le risque de lock-in technique en cas d'usage de services de cl...Comment gérer le risque de lock-in technique en cas d'usage de services de cl...
Comment gérer le risque de lock-in technique en cas d'usage de services de cl...
Robert Viseur
 
Hacker son appareil photo, c'est possible !
Hacker son appareil photo, c'est possible !Hacker son appareil photo, c'est possible !
Hacker son appareil photo, c'est possible !
Robert Viseur
 
Comprendre les licences de logiciels libres
Comprendre les licences de logiciels libresComprendre les licences de logiciels libres
Comprendre les licences de logiciels libres
Robert Viseur
 
Impact of cloud computing on FOSS editors
Impact of cloud computing on FOSS editorsImpact of cloud computing on FOSS editors
Impact of cloud computing on FOSS editors
Robert Viseur
 
Une introduction à la co-création dans le domaine des TIC
Une introduction à la co-création dans le domaine des TICUne introduction à la co-création dans le domaine des TIC
Une introduction à la co-création dans le domaine des TIC
Robert Viseur
 
fOSSa 2013 - Crossroads of openness - Wrap-up talk ! / Ecosystem
fOSSa 2013 - Crossroads of openness - Wrap-up talk ! / EcosystemfOSSa 2013 - Crossroads of openness - Wrap-up talk ! / Ecosystem
fOSSa 2013 - Crossroads of openness - Wrap-up talk ! / Ecosystem
Robert Viseur
 
Comment valoriser les logiciels, le matériel et les oeuvres libres ?
Comment valoriser les logiciels, le matériel et les oeuvres libres ?Comment valoriser les logiciels, le matériel et les oeuvres libres ?
Comment valoriser les logiciels, le matériel et les oeuvres libres ?
Robert Viseur
 

More from Robert Viseur (20)

La PI dans les espaces de co-création et d'innovation ouverte. Propriété inte...
La PI dans les espaces de co-création et d'innovation ouverte. Propriété inte...La PI dans les espaces de co-création et d'innovation ouverte. Propriété inte...
La PI dans les espaces de co-création et d'innovation ouverte. Propriété inte...
 
L'écosystème régional du Big Data
L'écosystème régional du Big DataL'écosystème régional du Big Data
L'écosystème régional du Big Data
 
Piloter son appareil photo numérique avec des logiciels libres
Piloter son appareil photo  numérique avec des logiciels  libresPiloter son appareil photo  numérique avec des logiciels  libres
Piloter son appareil photo numérique avec des logiciels libres
 
Exploiter les données issues de Wikipedia
Exploiter les données issues de WikipediaExploiter les données issues de Wikipedia
Exploiter les données issues de Wikipedia
 
De l’open source à l’open cloud
De l’open source à l’open cloudDe l’open source à l’open cloud
De l’open source à l’open cloud
 
Développer ses photos avec RawTherapee
Développer ses photos avec RawTherapeeDévelopper ses photos avec RawTherapee
Développer ses photos avec RawTherapee
 
Convertir ses photos en N/B avec Gimp
Convertir ses photos en N/B avec GimpConvertir ses photos en N/B avec Gimp
Convertir ses photos en N/B avec Gimp
 
L'open hardware : l'ouverture au service de l'innovation
L'open hardware : l'ouverture au service de l'innovationL'open hardware : l'ouverture au service de l'innovation
L'open hardware : l'ouverture au service de l'innovation
 
Pechakucha (Mons) : Street Art à Mons
Pechakucha (Mons) : Street Art à MonsPechakucha (Mons) : Street Art à Mons
Pechakucha (Mons) : Street Art à Mons
 
Analyse des concepts de Fab Lab, Living Lab et Hub créatif
Analyse des concepts de Fab Lab, Living Lab et Hub créatifAnalyse des concepts de Fab Lab, Living Lab et Hub créatif
Analyse des concepts de Fab Lab, Living Lab et Hub créatif
 
Pratiques innovantes dans le secteur automobile: du champion de produit à l'i...
Pratiques innovantes dans le secteur automobile: du champion de produit à l'i...Pratiques innovantes dans le secteur automobile: du champion de produit à l'i...
Pratiques innovantes dans le secteur automobile: du champion de produit à l'i...
 
Etude du secteur des prestataires FLOSS en Belgique
Etude du secteur des prestataires FLOSS en BelgiqueEtude du secteur des prestataires FLOSS en Belgique
Etude du secteur des prestataires FLOSS en Belgique
 
Hacker son appareil photo avec des outils libres
Hacker son appareil photo avec des outils libresHacker son appareil photo avec des outils libres
Hacker son appareil photo avec des outils libres
 
Comment gérer le risque de lock-in technique en cas d'usage de services de cl...
Comment gérer le risque de lock-in technique en cas d'usage de services de cl...Comment gérer le risque de lock-in technique en cas d'usage de services de cl...
Comment gérer le risque de lock-in technique en cas d'usage de services de cl...
 
Hacker son appareil photo, c'est possible !
Hacker son appareil photo, c'est possible !Hacker son appareil photo, c'est possible !
Hacker son appareil photo, c'est possible !
 
Comprendre les licences de logiciels libres
Comprendre les licences de logiciels libresComprendre les licences de logiciels libres
Comprendre les licences de logiciels libres
 
Impact of cloud computing on FOSS editors
Impact of cloud computing on FOSS editorsImpact of cloud computing on FOSS editors
Impact of cloud computing on FOSS editors
 
Une introduction à la co-création dans le domaine des TIC
Une introduction à la co-création dans le domaine des TICUne introduction à la co-création dans le domaine des TIC
Une introduction à la co-création dans le domaine des TIC
 
fOSSa 2013 - Crossroads of openness - Wrap-up talk ! / Ecosystem
fOSSa 2013 - Crossroads of openness - Wrap-up talk ! / EcosystemfOSSa 2013 - Crossroads of openness - Wrap-up talk ! / Ecosystem
fOSSa 2013 - Crossroads of openness - Wrap-up talk ! / Ecosystem
 
Comment valoriser les logiciels, le matériel et les oeuvres libres ?
Comment valoriser les logiciels, le matériel et les oeuvres libres ?Comment valoriser les logiciels, le matériel et les oeuvres libres ?
Comment valoriser les logiciels, le matériel et les oeuvres libres ?
 

Recently uploaded

[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
Jason Yip
 
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeckPoznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
FilipTomaszewski5
 
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham HillinQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
LizaNolte
 
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search",  Taras Kloba"NATO Hackathon Winner: AI-Powered Drug Search",  Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
Fwdays
 
"What does it really mean for your system to be available, or how to define w...
"What does it really mean for your system to be available, or how to define w..."What does it really mean for your system to be available, or how to define w...
"What does it really mean for your system to be available, or how to define w...
Fwdays
 
"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota
Fwdays
 
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned",  Igor Ivaniuk"Frontline Battles with DDoS: Best practices and Lessons Learned",  Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
Fwdays
 
What is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE?  Session 1 – CoE VisionWhat is an RPA CoE?  Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE Vision
DianaGray10
 
Mutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented ChatbotsMutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented Chatbots
Pablo Gómez Abajo
 
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsConnector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
DianaGray10
 
From Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMsFrom Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMs
Sease
 
The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptxThe Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
operationspcvita
 
JavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green MasterplanJavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green Masterplan
Miro Wengner
 
A Deep Dive into ScyllaDB's Architecture
A Deep Dive into ScyllaDB's ArchitectureA Deep Dive into ScyllaDB's Architecture
A Deep Dive into ScyllaDB's Architecture
ScyllaDB
 
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and BioinformaticiansBiomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Neo4j
 
Must Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during MigrationMust Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during Migration
Mydbops
 
Y-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PPY-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PP
c5vrf27qcz
 
High performance Serverless Java on AWS- GoTo Amsterdam 2024
High performance Serverless Java on AWS- GoTo Amsterdam 2024High performance Serverless Java on AWS- GoTo Amsterdam 2024
High performance Serverless Java on AWS- GoTo Amsterdam 2024
Vadym Kazulkin
 
Essentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation ParametersEssentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation Parameters
Safe Software
 
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Pitangent Analytics & Technology Solutions Pvt. Ltd
 

Recently uploaded (20)

[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
 
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeckPoznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
 
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham HillinQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
 
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search",  Taras Kloba"NATO Hackathon Winner: AI-Powered Drug Search",  Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
 
"What does it really mean for your system to be available, or how to define w...
"What does it really mean for your system to be available, or how to define w..."What does it really mean for your system to be available, or how to define w...
"What does it really mean for your system to be available, or how to define w...
 
"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota
 
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned",  Igor Ivaniuk"Frontline Battles with DDoS: Best practices and Lessons Learned",  Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
 
What is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE?  Session 1 – CoE VisionWhat is an RPA CoE?  Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE Vision
 
Mutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented ChatbotsMutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented Chatbots
 
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsConnector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
 
From Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMsFrom Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMs
 
The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptxThe Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
 
JavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green MasterplanJavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green Masterplan
 
A Deep Dive into ScyllaDB's Architecture
A Deep Dive into ScyllaDB's ArchitectureA Deep Dive into ScyllaDB's Architecture
A Deep Dive into ScyllaDB's Architecture
 
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and BioinformaticiansBiomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
 
Must Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during MigrationMust Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during Migration
 
Y-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PPY-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PP
 
High performance Serverless Java on AWS- GoTo Amsterdam 2024
High performance Serverless Java on AWS- GoTo Amsterdam 2024High performance Serverless Java on AWS- GoTo Amsterdam 2024
High performance Serverless Java on AWS- GoTo Amsterdam 2024
 
Essentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation ParametersEssentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation Parameters
 
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
 

Legal analysis of source code

  • 1. [ RMLL 2013, Bruxelles – Thursday 11th July 2013 ] Legal analysis of source code Presenter : Dr Ir Robert Viseur
  • 2. 2 General context • Media coverage about violations of intellectual property in ICT industry. • Intellectual property ? Mainly: • patents, • copyright, • industrial design rights, • trademarks. • Examples: several trial between Apple, Samsung and Nokia about patents, copyright (look&feel) and industrial design rights violation.
  • 3. 3 Free software context (1/2) • Media coverage about free software licenses violation. • Case of gpl-violations.org. • Goal: « The gpl-violations.org project tries to raise public awareness about past and present infringing use(r)s of GPL licensed software » • Case of NeoNova et Israpunt trial in Netherlands. • Mixed development -> trial about the use of closed part (GUI). • URL: http://www.techzine.nl/nieuws/26429/israpunt- beschuldigd-van-softwarediefstal.html.
  • 4. 4 Free software context (2/2) • Case of the election software in Belgium. • Distribution without license but... • One of the files in the source code available under the terms of the GNU GPL 2 license. • URL: https://joinup.ec.europa.eu/news/be-government- publishes-source-code-election-software. • Case of multiple violations in mobile applications store. • Various violations: lack of notices/attribution files (AL), incompatibilities between licenses,... • URL: http://techcrunch.com/2011/03/08/potential-open-source- license-violations-in-android-and-ios-apps/.
  • 5. 5 Protection of computer softwares • No specific law. • Covered by copyright. • Possibility to patent software. • In particular cases in Europe (e.g. industrial process). • Widely used in United States. • Legal rights and duties explained in licenses (contracts). • The licenses are build on copyright but can also refer to commercial brands and patents.
  • 6. 6 Software licenses • Three types of licenses: • Proprietary licenses. • E.g. CLUF for Microsoft softwares. • Hybrid licences (rare). • E.g. former SCSL for Sun Microsystems softwares. • Free software licenses. • E.g. AL, BSD, GPL, LGPL,... • More or less 70 free software licenses.
  • 7. 7 Free software licenses (1/2) • Two families of free software licenses: • Permissive / academic licenses. • Copyleft / restrictive licenses (licenses with reciprocity). • Three types of licenses with reciprocity. • Weak reciprocity. • File-based, or not. • Strong reciprocity. • Network reciprocity.
  • 9. 9 Issues for companies (1/2) • Problem of incompatibilities between free software licenses. • Problem of incompatibily between free software licenses and agreements in marketplaces.
  • 10. 10 Issues for companies (2/2) • Problem of specific obligations in free sofware licenses (e.g. notices, automatic patent license agreement or patent reciprocity, etc.). • Problem of commercial brands and patents. • Problem of developments mixing free and proprietary source codes (e.g. partnerships). • (Problem of « wild » copy and paste behaviors).
  • 11. 11 How to address those issues ? • Introduce corporate governance rules. • See for example the « Open Source Review Board » at Hewlett-Packard (Gobeille, 2008). • Take account of license constraints in the modelling of the software (architecture). • See for example the « Software Architecture License Tracability Analysis » tool based on ArchStudio4 or... • « OSSLI » (Open Source Software Licensing) tool based on Eclipse and Papyrus (Alspaugh et al., 2009; Lokhman et al., 2012). • Conduct a legal analysis of source code. • See for example FOSSology (www.fossology.org).
  • 12. 12 Tools for legal analysis of source code • Proprietary software: Black Duck Software. • Available open source tools: • The most famous: FOSSology (see http://www.fossology.org). • The lightest: Ohcount (see http://www.ohloh.net/p/ohcount). • Others: ASLA (see http://asla.sourceforge.net/), LIDESC (see http://www.mibsoftware.com/librock/lidesc/), etc. • Some criteria of choice: • availability, • ease of installation, • lightness, • support of licenses (+ precision / recall), • community, • updates.
  • 13. 13 Presentation of Ohcount, Find and Grep (1/2) • Ohcount: • Formally: source code line counter. • But...
  • 14. 14 Presentation of Ohcount, Find and Grep (2/2) • Ohcount: • Option « -l, --license » : display detected licensing information contained in each source code file. • Available in Synaptic. • Find: search for files in a directory hierarchy. • Grep, egrep, fgrep: print lines matching a pattern.
  • 15. 15 What we used • Ohcount for collecting licensing information. • Find and grep for detecting files related to attributions, patents or commercial brands. • List of keywords and... • Matching with filenames or textual content. • Output: report (in HTML format) processed by configurable PHP script.
  • 16. 16 Example 1: simple library • Detection of forgotten licensed files:
  • 17. 17 Example 2: free software suite (1/4) • Detection of attributions (by filename / by content):
  • 18. 18 Example 2: free software suite (2/4) • Detection of commercial brands (by filename / by content):
  • 19. 19 Example 2: free software suite (3/4) • Detection of patents (by filename / by content):
  • 20. 20 Example 2: free software suite (4/4) • Detection of licenses (information from Ohcount) : ?! ?!
  • 21. 21 Limitations of the method • Some crashes with Ohcount in big file trees. • Problem with the version of the license (Ohcount). • Example: GPL v2, GPL v2+ or GPL v3. • Pay attention to the files covered by several licenses. • Pay attention to the list of supported licenses. • Don't be afraid by false positives... • No architectural view. • No recognition of open content (e.g. CC) or open data licenses.
  • 22. 22 Stay tuned • Some planned improvement on the script. • Examples : recognition of CC licenses, better filtering of find/grep outputs, deeper analyze of tables (licenses), etc. • Fast evolution of tools. • Example : FOSSology 2.2.0 released in June 2013. • Interest in integration with source code analysis softwares. • Example: plugin for FOSSology in the wish list of Sonar (www.sonarqube.org). • URL: http://docs.codehaus.org/display/SONAR/Plugins+under+ development.
  • 23. 23 Thanks for your attention. Any questions ?
  • 24. 24 Useful additional readings... • Alspaugh, T.A., Asuncion, H.U., & Scacchi W. (2009), « Intellectual property rights requirements for heterogeneously-licensed systems », 17th IEEE International Requirements Engineering Conference (RE’09), pp. 24–33, Augustus 31 - September 4, 2009. • Gobeille, R. (2008), « The FOSSology project », MSR '08 Proceedings of the 2008 international working conference on Mining software repositories. • Lokhman, A., Luoto, A., Abdul-Rahman, S., & Hammouda, I. (2012), « OSSLI: Architecture Level Management of Open Source Software Legality Concerns », Open Source Systems: Long- Term Sustainability, pp. 356-361, Springer Berlin Heidelberg. • Tuunanen, T., Koskinen, J., & Kärkkäinen, T. (2006). « Retrieving open source software licenses », Open Source Systems, pp. 35-46, Springer US. • Viseur, R. (2011), « La valorisation des logiciels libres en entreprise », Jeudis du Libre, Université de Mons, 15 septembre 2011. • Viseur, R. (2012), « Gérer la propriété intellectuelle dans les projets à base de logiciels libres », 17ème conférence de l'Association Information et Management, Mai 2012.
  • 25. 25 Contact Dr Ir Robert Viseur Email (@CETIC) : robert.viseur@cetic.be Email (@UMONS) : robert.viseur@umons.ac.be Phone : 0032 (0) 479 66 08 76 Website : www.robertviseur.be This presentation is covered by « CC-BY-ND » license.