[ RMLL 2013, Bruxelles – Thursday 11th July 2013 ]
Legal analysis of source code
Presenter : Dr Ir Robert Viseur
2
General context
• Media coverage about violations of intellectual
property in ICT industry.
• Intellectual property ? Mainly:
• patents,
• copyright,
• industrial design rights,
• trademarks.
• Examples: several trials between Apple, Samsung
and Nokia about patents, copyright (look & feel)
and industrial design rights violations.
3
Free software context (1/2)
• Media coverage about free software licenses
violation.
• Case of gpl-violations.org.
• Goal: « The gpl-violations.org project tries to raise public
awareness about past and present infringing use(r)s of GPL
licensed software »
• Case of the NeoNova and Israpunt trial in the Netherlands.
• Mixed development -> trial about the use of closed part
(GUI).
• URL: http://www.techzine.nl/nieuws/26429/israpunt-beschuldigd-van-softwarediefstal.html.
4
Free software context (2/2)
• Case of the election software in Belgium.
• Distribution without license but...
• One of the files in the source code available under the terms of the
GNU GPL 2 license.
• URL: https://joinup.ec.europa.eu/news/be-government-publishes-source-code-election-software.
• Case of multiple violations in mobile applications store.
• Various violations: lack of notices/attribution files (AL),
incompatibilities between licenses,...
• URL: http://techcrunch.com/2011/03/08/potential-open-source-license-violations-in-android-and-ios-apps/.
5
Protection of computer software
• No specific law.
• Covered by copyright.
• Possibility to patent software.
• In particular cases in Europe (e.g. industrial
process).
• Widely used in United States.
• Legal rights and duties explained in licenses
(contracts).
• The licenses are built on copyright but can also
refer to commercial brands and patents.
6
Software licenses
• Three types of licenses:
• Proprietary licenses.
• E.g. EULA for Microsoft software.
• Hybrid licenses (rare).
• E.g. former SCSL for Sun Microsystems software.
• Free software licenses.
• E.g. AL, BSD, GPL, LGPL,...
• More or less 70 free software licenses.
7
Free software licenses (1/2)
• Two families of free software licenses:
• Permissive / academic licenses.
• Copyleft / restrictive licenses (licenses with
reciprocity).
• Three types of licenses with reciprocity.
• Weak reciprocity.
• File-based, or not.
• Strong reciprocity.
• Network reciprocity.
8
Free software licenses (2/2)
9
Issues for companies (1/2)
• Problem of incompatibilities
between free software
licenses.
• Problem of incompatibility
between free software licenses
and agreements in
marketplaces.
10
Issues for companies (2/2)
• Problem of specific obligations in free software
licenses (e.g. notices, automatic patent license
agreement or patent reciprocity, etc.).
• Problem of commercial brands and patents.
• Problem of developments mixing free and
proprietary source codes (e.g. partnerships).
• (Problem of « wild » copy and paste behaviors).
11
How to address those issues ?
• Introduce corporate governance rules.
• See for example the « Open Source Review Board » at
Hewlett-Packard (Gobeille, 2008).
• Take account of license constraints in the modelling of
the software (architecture).
• See for example the « Software Architecture License
Traceability Analysis » tool based on ArchStudio4 or...
• « OSSLI » (Open Source Software Licensing) tool based on
Eclipse and Papyrus (Alspaugh et al., 2009; Lokhman et
al., 2012).
• Conduct a legal analysis of source code.
• See for example FOSSology (www.fossology.org).
12
Tools for legal analysis
of source code
• Proprietary software: Black Duck Software.
• Available open source tools:
• The most famous: FOSSology (see http://www.fossology.org).
• The lightest: Ohcount (see http://www.ohloh.net/p/ohcount).
• Others: ASLA (see http://asla.sourceforge.net/), LIDESC (see
http://www.mibsoftware.com/librock/lidesc/), etc.
• Some criteria of choice:
• availability,
• ease of installation,
• lightness,
• support of licenses (+ precision / recall),
• community,
• updates.
13
Presentation of Ohcount,
Find and Grep (1/2)
• Ohcount:
• Formally: source code line counter.
• But...
14
Presentation of Ohcount,
Find and Grep (2/2)
• Ohcount:
• Option « -l, --license » : display detected licensing
information contained in each source code file.
• Available in Synaptic.
• Find: search for files in a directory hierarchy.
• Grep, egrep, fgrep: print lines matching a pattern.
15
What we used
• Ohcount for collecting licensing information.
• Find and grep for detecting files related to
attributions, patents or commercial brands.
• List of keywords and...
• Matching with filenames or textual content.
• Output: report (in HTML format) processed by a
configurable PHP script.
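The find/grep part of this method, sketched as an added example (not the presenter's script, which is PHP and is not shown in the slides). The keyword lists, the function names and the sample tree are assumptions made up for illustration.

```shell
#!/usr/bin/env bash
# Added example: keyword scan by filename and by content with find and grep,
# rendered as a small HTML report. Keyword lists below are assumptions.

# Category -> extended regex of keywords (adjust per audit).
keywords_for() {
  case "$1" in
    attribution) echo 'notice|authors|credits|copying|thanks' ;;
    patent)      echo 'patent' ;;
    brand)       echo 'trademark|registered mark|logo' ;;
    *) return 1 ;;
  esac
}

# Files whose *name* (last path component only) matches the keywords.
scan_by_name() {   # usage: scan_by_name <dir> <category>
  local re
  re=$(keywords_for "$2") || return 1
  find "$1" -type f | grep -Ei '/[^/]*('"$re"')[^/]*$' | sort
}

# Files whose *content* matches; -I skips binary files, -l lists names only.
scan_by_content() {   # usage: scan_by_content <dir> <category>
  local re
  re=$(keywords_for "$2") || return 1
  grep -rIlEi -- "$re" "$1" | sort
}

# Escape the characters that matter when a path is placed in HTML text.
html_escape() { sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g'; }

# HTML report on stdout: one list per category and per matching mode.
report() {   # usage: report <dir>
  local dir=$1 c
  echo '<html><body><h1>Legal scan</h1>'
  for c in attribution patent brand; do
    echo "<h2>$c (by filename)</h2><ul>"
    scan_by_name "$dir" "$c" | html_escape | sed 's|.*|<li>&</li>|'
    echo "</ul><h2>$c (by content)</h2><ul>"
    scan_by_content "$dir" "$c" | html_escape | sed 's|.*|<li>&</li>|'
    echo '</ul>'
  done
  echo '</body></html>'
}

# Constructed sample tree (not real project data); prints its path.
make_sample_tree() {
  local d
  d=$(mktemp -d)
  mkdir -p "$d/lib/codec" "$d/art"
  printf 'Copyright 2010 Example Contributors\n' > "$d/NOTICE.txt"
  printf 'int main(void){return 0;}\n' > "$d/lib/main.c"
  printf '/* This codec may be covered by patents in some countries. */\n' \
    > "$d/lib/codec/enc.c"
  printf 'ExampleSuite is a registered trademark of Example Corp.\n' \
    > "$d/art/README"
  printf 'binary-ish\n' > "$d/art/logo.png"
  echo "$d"
}

# Scan the directory given as argument, or the constructed sample tree.
if [ $# -ge 1 ]; then
  report "$1"
else
  d=$(make_sample_tree)
  report "$d"
  rm -rf "$d"
fi
```

Every hit is a candidate for manual review, not a finding: a file named after a keyword or mentioning one may be unrelated to any legal obligation.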
16
Example 1: simple library
• Detection of forgotten licensed files:
17
Example 2: free software suite
(1/4)
• Detection of attributions (by filename / by
content):
18
Example 2: free software suite
(2/4)
• Detection of commercial brands (by filename / by
content):
19
Example 2: free software suite
(3/4)
• Detection of patents (by filename / by content):
20
Example 2: free software suite
(4/4)
• Detection of licenses (information from Ohcount) :
21
Limitations of the method
• Some crashes with Ohcount in big file trees.
• Problem with the version of the license (Ohcount).
• Example: GPL v2, GPL v2+ or GPL v3.
• Pay attention to the files covered by several
licenses.
• Pay attention to the list of supported licenses.
• Don't be afraid of false positives...
• No architectural view.
• No recognition of open content (e.g. CC) or open
data licenses.
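One way to narrow the license-version limitation above (GPL v2, GPL v2+ or GPL v3) is a follow-up check on the header wording. This is an added example, not Ohcount's logic and not part of the presenter's script; it assumes the usual FSF notice phrasing ("version N", "any later version") and uses constructed sample files.

```shell
#!/usr/bin/env bash
# Added example: tell GPL v2, v2+ and v3 headers apart. Heuristic only,
# based on the usual notice wording; sample files below are constructed.

# Flatten the first 60 lines: drop comment decoration, join wrapped lines,
# squeeze blanks and lowercase, so a notice split over lines still matches.
normalize_header() {
  head -n 60 -- "$1" | tr '\n\t*#/' '     ' | tr -s ' ' | tr '[:upper:]' '[:lower:]'
}

gpl_variant() {   # usage: gpl_variant <file>
  local t v2=0 v3=0 plus=''
  t=$(normalize_header "$1")
  # "gnu lesser general public license" does not contain this phrase,
  # so LGPL headers are not reported as GPL.
  case "$t" in
    *'gnu general public license'*) ;;
    *) echo 'no GPL notice'; return 0 ;;
  esac
  case "$t" in *'version 2'*) v2=1 ;; esac
  case "$t" in *'version 3'*) v3=1 ;; esac
  case "$t" in *'any later version'*) plus='+' ;; esac
  if   [ "$v2$v3" = 11 ]; then echo 'GPL, several versions named: review by hand'
  elif [ "$v2" = 1 ];     then echo "GPL v2$plus"
  elif [ "$v3" = 1 ];     then echo "GPL v3$plus"
  else                         echo 'GPL, version not stated'
  fi
}

# One "variant<TAB>relative path" line per file under <dir>.
classify_tree() {   # usage: classify_tree <dir>
  find "$1" -type f | sort | while IFS= read -r f; do
    printf '%s\t%s\n' "$(gpl_variant "$f")" "${f#"$1"/}"
  done
}

# Constructed sample files (not taken from any real project).
make_samples() {
  local d
  d=$(mktemp -d)
  cat > "$d/a.c" <<'EOF'
/*
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 */
EOF
  cat > "$d/b.sh" <<'EOF'
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General
# Public License version 2 as published by the Free Software Foundation.
EOF
  cat > "$d/c.cpp" <<'EOF'
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
EOF
  printf 'Licensed under the GNU Lesser General Public License, version 2.1.\n' \
    > "$d/d.txt"
  echo "$d"
}

# Classify the directory given as argument, or the constructed samples.
if [ $# -ge 1 ]; then
  classify_tree "$1"
else
  d=$(make_samples)
  classify_tree "$d"
  rm -rf "$d"
fi
```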
22
Stay tuned
• Some planned improvements on the script.
• Examples: recognition of CC licenses, better filtering of
find/grep outputs, deeper analysis of tables (licenses), etc.
• Fast evolution of tools.
• Example : FOSSology 2.2.0 released in June 2013.
• Interest in integration with source code analysis software.
• Example: plugin for FOSSology in the wish list of Sonar
(www.sonarqube.org).
• URL: http://docs.codehaus.org/display/SONAR/Plugins+under+development.
23
Thanks for your attention.
Any questions ?
24
Useful additional readings...
• Alspaugh, T.A., Asuncion, H.U., & Scacchi W. (2009), « Intellectual property rights
requirements for heterogeneously-licensed systems », 17th IEEE International Requirements
Engineering Conference (RE’09), pp. 24–33, August 31 - September 4, 2009.
• Gobeille, R. (2008), « The FOSSology project », MSR '08 Proceedings of the 2008 international
working conference on Mining software repositories.
• Lokhman, A., Luoto, A., Abdul-Rahman, S., & Hammouda, I. (2012), « OSSLI: Architecture
Level Management of Open Source Software Legality Concerns », Open Source Systems: Long-
Term Sustainability, pp. 356-361, Springer Berlin Heidelberg.
• Tuunanen, T., Koskinen, J., & Kärkkäinen, T. (2006). « Retrieving open source software
licenses », Open Source Systems, pp. 35-46, Springer US.
• Viseur, R. (2011), « La valorisation des logiciels libres en entreprise », Jeudis du Libre,
Université de Mons, 15 septembre 2011.
• Viseur, R. (2012), « Gérer la propriété intellectuelle dans les projets à base de logiciels
libres », 17ème conférence de l'Association Information et Management, Mai 2012.
25
Contact
Dr Ir Robert Viseur
Email (@CETIC) : robert.viseur@cetic.be
Email (@UMONS) : robert.viseur@umons.ac.be
Phone : 0032 (0) 479 66 08 76
Website : www.robertviseur.be
This presentation is covered by « CC-BY-ND » license.

 

Legal analysis of source code

  • 1. [ RMLL 2013, Bruxelles – Thursday 11th July 2013 ] Legal analysis of source code Presenter : Dr Ir Robert Viseur
  • 2. General context • Media coverage about violations of intellectual property in the ICT industry. • Intellectual property? Mainly: • patents, • copyright, • industrial design rights, • trademarks. • Examples: several trials between Apple, Samsung and Nokia about patents, copyright (look & feel) and industrial design rights violations.
  • 3. Free software context (1/2) • Media coverage about free software license violations. • Case of gpl-violations.org. • Goal: « The gpl-violations.org project tries to raise public awareness about past and present infringing use(r)s of GPL licensed software » • Case of the NeoNova and Israpunt trial in the Netherlands. • Mixed development -> trial about the use of the closed part (GUI). • URL: http://www.techzine.nl/nieuws/26429/israpunt-beschuldigd-van-softwarediefstal.html.
  • 4. Free software context (2/2) • Case of the election software in Belgium. • Distribution without license but... • One of the files in the source code is available under the terms of the GNU GPL 2 license. • URL: https://joinup.ec.europa.eu/news/be-government-publishes-source-code-election-software. • Case of multiple violations in mobile application stores. • Various violations: lack of notices/attribution files (AL), incompatibilities between licenses,... • URL: http://techcrunch.com/2011/03/08/potential-open-source-license-violations-in-android-and-ios-apps/.
  • 5. Protection of computer software • No specific law. • Covered by copyright. • Possibility to patent software. • In particular cases in Europe (e.g. industrial process). • Widely used in the United States. • Legal rights and duties explained in licenses (contracts). • The licenses are built on copyright but can also refer to commercial brands and patents.
  • 6. Software licenses • Three types of licenses: • Proprietary licenses. • E.g. EULA (CLUF) for Microsoft software. • Hybrid licenses (rare). • E.g. former SCSL for Sun Microsystems software. • Free software licenses. • E.g. AL, BSD, GPL, LGPL,... • More or less 70 free software licenses.
  • 7. Free software licenses (1/2) • Two families of free software licenses: • Permissive / academic licenses. • Copyleft / restrictive licenses (licenses with reciprocity). • Three types of licenses with reciprocity. • Weak reciprocity. • File-based, or not. • Strong reciprocity. • Network reciprocity.
  • 9. Issues for companies (1/2) • Problem of incompatibilities between free software licenses. • Problem of incompatibility between free software licenses and agreements in marketplaces.
  • 10. Issues for companies (2/2) • Problem of specific obligations in free software licenses (e.g. notices, automatic patent license agreement or patent reciprocity, etc.). • Problem of commercial brands and patents. • Problem of developments mixing free and proprietary source code (e.g. partnerships). • (Problem of « wild » copy and paste behaviors).
  • 11. How to address those issues? • Introduce corporate governance rules. • See for example the « Open Source Review Board » at Hewlett-Packard (Gobeille, 2008). • Take account of license constraints in the modelling of the software (architecture). • See for example the « Software Architecture License Traceability Analysis » tool based on ArchStudio4 or... • « OSSLI » (Open Source Software Licensing) tool based on Eclipse and Papyrus (Alspaugh et al., 2009; Lokhman et al., 2012). • Conduct a legal analysis of source code. • See for example FOSSology (www.fossology.org).
  • 12. Tools for legal analysis of source code • Proprietary software: Black Duck Software. • Available open source tools: • The most famous: FOSSology (see http://www.fossology.org). • The lightest: Ohcount (see http://www.ohloh.net/p/ohcount). • Others: ASLA (see http://asla.sourceforge.net/), LIDESC (see http://www.mibsoftware.com/librock/lidesc/), etc. • Some selection criteria: • availability, • ease of installation, • lightness, • support of licenses (+ precision / recall), • community, • updates.
  • 13. Presentation of Ohcount, Find and Grep (1/2) • Ohcount: • Formally: source code line counter. • But...
  • 14. Presentation of Ohcount, Find and Grep (2/2) • Ohcount: • Option « -l, --license »: display detected licensing information contained in each source code file. • Available in Synaptic. • Find: search for files in a directory hierarchy. • Grep, egrep, fgrep: print lines matching a pattern.
  • 15. What we used • Ohcount for collecting licensing information. • Find and grep for detecting files related to attributions, patents or commercial brands. • List of keywords and... • Matching with filenames or textual content. • Output: report (in HTML format) processed by a configurable PHP script.
  • 16. Example 1: simple library • Detection of forgotten licensed files:
  • 17. Example 2: free software suite (1/4) • Detection of attributions (by filename / by content):
  • 18. Example 2: free software suite (2/4) • Detection of commercial brands (by filename / by content):
  • 19. Example 2: free software suite (3/4) • Detection of patents (by filename / by content):
  • 20. Example 2: free software suite (4/4) • Detection of licenses (information from Ohcount):
  • 21. Limitations of the method • Some crashes with Ohcount in big file trees. • Problem with the version of the license (Ohcount). • Example: GPL v2, GPL v2+ or GPL v3. • Pay attention to the files covered by several licenses. • Pay attention to the list of supported licenses. • Don't be afraid of false positives... • No architectural view. • No recognition of open content (e.g. CC) or open data licenses.
  • 22. Stay tuned • Some planned improvements to the script. • Examples: recognition of CC licenses, better filtering of find/grep outputs, deeper analysis of tables (licenses), etc. • Fast evolution of tools. • Example: FOSSology 2.2.0 released in June 2013. • Interest in integration with source code analysis software. • Example: plugin for FOSSology in the wish list of Sonar (www.sonarqube.org). • URL: http://docs.codehaus.org/display/SONAR/Plugins+under+development.
  • 23. Thanks for your attention. Any questions?
  • 24. Useful additional readings... • Alspaugh, T.A., Asuncion, H.U., & Scacchi W. (2009), « Intellectual property rights requirements for heterogeneously-licensed systems », 17th IEEE International Requirements Engineering Conference (RE’09), pp. 24–33, August 31 - September 4, 2009. • Gobeille, R. (2008), « The FOSSology project », MSR '08 Proceedings of the 2008 international working conference on Mining software repositories. • Lokhman, A., Luoto, A., Abdul-Rahman, S., & Hammouda, I. (2012), « OSSLI: Architecture Level Management of Open Source Software Legality Concerns », Open Source Systems: Long-Term Sustainability, pp. 356-361, Springer Berlin Heidelberg. • Tuunanen, T., Koskinen, J., & Kärkkäinen, T. (2006). « Retrieving open source software licenses », Open Source Systems, pp. 35-46, Springer US. • Viseur, R. (2011), « La valorisation des logiciels libres en entreprise », Jeudis du Libre, Université de Mons, 15 septembre 2011. • Viseur, R. (2012), « Gérer la propriété intellectuelle dans les projets à base de logiciels libres », 17ème conférence de l'Association Information et Management, Mai 2012.
  • 25. Contact Dr Ir Robert Viseur Email (@CETIC): robert.viseur@cetic.be Email (@UMONS): robert.viseur@umons.ac.be Phone: 0032 (0) 479 66 08 76 Website: www.robertviseur.be This presentation is covered by « CC-BY-ND » license.
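
The find/grep step from slides 15 and 17 to 19, together with the GPL version ambiguity noted on slide 21, as an added shell example (not the presenter's PHP-driven script). The keyword lists, function names, output format and sample tree are assumptions constructed for illustration, and the version check is a header heuristic.

```shell
# Added example; keyword lists and output format are assumptions, not the talk's script.

# tag CATEGORY HOW: prefix each path on stdin as "category<TAB>how<TAB>path".
tag() {
    while IFS= read -r path; do printf '%s\t%s\t%s\n' "$1" "$2" "$path"; done
}

# scan_category DIR CATEGORY NAME_RE CONTENT_RE (case-insensitive EREs)
scan_category() {
    # By filename: the keyword must be in the basename, not a parent directory.
    find "$1" -type f | grep -Ei "/[^/]*($3)[^/]*\$" | tag "$2" filename
    # By content: -I skips binary files, -l prints each matching file once.
    find "$1" -type f -exec grep -IlEi -e "$4" {} + | tag "$2" content
}

scan_tree() {
    scan_category "$1" attribution 'notice|authors|credits|thanks' 'contributed by|written by'
    scan_category "$1" patent 'patent' 'patent'
    scan_category "$1" brand 'trademark|logo' 'trademarks?|\(tm\)'
}

# gpl_version FILE: tell "v2 only" from "v2 or later" from v3 using the header.
gpl_version() {
    # Flatten comment markers and line breaks so wrapped phrases still match.
    text=$(head -n 40 "$1" | tr '*#/\t\n' '     ' | tr -s ' ' | tr 'A-Z' 'a-z')
    case $text in *"gnu general public license"*) ;; *) echo unknown; return 0 ;; esac
    case $text in
        *"version 3"*) v=3 ;;
        *"version 2"*) v=2 ;;
        *) echo GPL-unversioned; return 0 ;;
    esac
    case $text in
        *"any later version"*) echo "GPL-$v.0-or-later" ;;
        *) echo "GPL-$v.0-only" ;;
    esac
}

# make_sample DIR: constructed sample tree, for demonstration only.
make_sample() {
    mkdir -p "$1/src" "$1/doc"
    printf '%s\n' '/* This program is free software under the terms of the GNU' \
        ' * General Public License; either version 2 of the License, or (at' \
        ' * your option) any later' ' * version. */' > "$1/src/a.c"
    printf '%s\n' '# GNU General Public License version 2 only.' \
        '# Decoder contributed by J. Doe; method covered by a patent.' > "$1/src/b.py"
    echo 'Example Corp' > "$1/doc/NOTICE.txt"
}

if [ "$#" -gt 0 ]; then scan_tree "$1"; fi
```

Run it with a directory argument to scan a real tree; hits are candidates for manual review, and false positives are expected.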