Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Legal analysis of source code
1. [ RMLL 2013, Bruxelles – Thursday 11th
July 2013 ]
Legal analysis of source code
Presenter : Dr Ir Robert Viseur
2. 2
General context
• Media coverage about violations of intellectual
property in ICT industry.
• Intellectual property ? Mainly:
• patents,
• copyright,
• industrial design rights,
• trademarks.
• Examples: several trial between Apple, Samsung
and Nokia about patents, copyright (look&feel)
and industrial design rights violation.
3. 3
Free software context (1/2)
• Media coverage about free software licenses
violation.
• Case of gpl-violations.org.
• Goal: « The gpl-violations.org project tries to raise public
awareness about past and present infringing use(r)s of GPL
licensed software »
• Case of NeoNova et Israpunt trial in Netherlands.
• Mixed development -> trial about the use of closed part
(GUI).
• URL: http://www.techzine.nl/nieuws/26429/israpunt-
beschuldigd-van-softwarediefstal.html.
4. 4
Free software context (2/2)
• Case of the election software in Belgium.
• Distribution without license but...
• One of the files in the source code available under the terms of the
GNU GPL 2 license.
• URL: https://joinup.ec.europa.eu/news/be-government-
publishes-source-code-election-software.
• Case of multiple violations in mobile applications store.
• Various violations: lack of notices/attribution files (AL),
incompatibilities between licenses,...
• URL: http://techcrunch.com/2011/03/08/potential-open-source-
license-violations-in-android-and-ios-apps/.
5. 5
Protection of computer softwares
• No specific law.
• Covered by copyright.
• Possibility to patent software.
• In particular cases in Europe (e.g. industrial
process).
• Widely used in United States.
• Legal rights and duties explained in licenses
(contracts).
• The licenses are build on copyright but can also
refer to commercial brands and patents.
6. 6
Software licenses
• Three types of licenses:
• Proprietary licenses.
• E.g. CLUF for Microsoft softwares.
• Hybrid licences (rare).
• E.g. former SCSL for Sun Microsystems softwares.
• Free software licenses.
• E.g. AL, BSD, GPL, LGPL,...
• More or less 70 free software licenses.
7. 7
Free software licenses (1/2)
• Two families of free software licenses:
• Permissive / academic licenses.
• Copyleft / restrictive licenses (licenses with
reciprocity).
• Three types of licenses with reciprocity.
• Weak reciprocity.
• File-based, or not.
• Strong reciprocity.
• Network reciprocity.
9. 9
Issues for companies (1/2)
• Problem of incompatibilities
between free software
licenses.
• Problem of incompatibily
between free software licenses
and agreements in
marketplaces.
10. 10
Issues for companies (2/2)
• Problem of specific obligations in free sofware
licenses (e.g. notices, automatic patent license
agreement or patent reciprocity, etc.).
• Problem of commercial brands and patents.
• Problem of developments mixing free and
proprietary source codes (e.g. partnerships).
• (Problem of « wild » copy and paste behaviors).
11. 11
How to address those issues ?
• Introduce corporate governance rules.
• See for example the « Open Source Review Board » at
Hewlett-Packard (Gobeille, 2008).
• Take account of license constraints in the modelling of
the software (architecture).
• See for example the « Software Architecture License
Tracability Analysis » tool based on ArchStudio4 or...
• « OSSLI » (Open Source Software Licensing) tool based on
Eclipse and Papyrus (Alspaugh et al., 2009; Lokhman et
al., 2012).
• Conduct a legal analysis of source code.
• See for example FOSSology (www.fossology.org).
12. 12
Tools for legal analysis
of source code
• Proprietary software: Black Duck Software.
• Available open source tools:
• The most famous: FOSSology (see http://www.fossology.org).
• The lightest: Ohcount (see http://www.ohloh.net/p/ohcount).
• Others: ASLA (see http://asla.sourceforge.net/), LIDESC (see
http://www.mibsoftware.com/librock/lidesc/), etc.
• Some criteria of choice:
• availability,
• ease of installation,
• lightness,
• support of licenses (+ precision / recall),
• community,
• updates.
14. 14
Presentation of Ohcount,
Find and Grep (2/2)
• Ohcount:
• Option « -l, --license » : display detected licensing
information contained in each source code file.
• Available in Synaptic.
• Find: search for files in a directory hierarchy.
• Grep, egrep, fgrep: print lines matching a pattern.
15. 15
What we used
• Ohcount for collecting licensing information.
• Find and grep for detecting files related to
attributions, patents or commercial brands.
• List of keywords and...
• Matching with filenames or textual content.
• Output: report (in HTML format) processed by
configurable PHP script.
17. 17
Example 2: free software suite
(1/4)
• Detection of attributions (by filename / by
content):
18. 18
Example 2: free software suite
(2/4)
• Detection of commercial brands (by filename / by
content):
19. 19
Example 2: free software suite
(3/4)
• Detection of patents (by filename / by content):
20. 20
Example 2: free software suite
(4/4)
• Detection of licenses (information from Ohcount) :
?!
?!
21. 21
Limitations of the method
• Some crashes with Ohcount in big file trees.
• Problem with the version of the license (Ohcount).
• Example: GPL v2, GPL v2+ or GPL v3.
• Pay attention to the files covered by several
licenses.
• Pay attention to the list of supported licenses.
• Don't be afraid by false positives...
• No architectural view.
• No recognition of open content (e.g. CC) or open
data licenses.
22. 22
Stay tuned
• Some planned improvement on the script.
• Examples : recognition of CC licenses, better filtering of
find/grep outputs, deeper analyze of tables (licenses), etc.
• Fast evolution of tools.
• Example : FOSSology 2.2.0 released in June 2013.
• Interest in integration with source code analysis softwares.
• Example: plugin for FOSSology in the wish list of Sonar
(www.sonarqube.org).
• URL:
http://docs.codehaus.org/display/SONAR/Plugins+under+
development.
24. 24
Useful additional readings...
• Alspaugh, T.A., Asuncion, H.U., & Scacchi W. (2009), « Intellectual property rights
requirements for heterogeneously-licensed systems », 17th IEEE International Requirements
Engineering Conference (RE’09), pp. 24–33, Augustus 31 - September 4, 2009.
• Gobeille, R. (2008), « The FOSSology project », MSR '08 Proceedings of the 2008 international
working conference on Mining software repositories.
• Lokhman, A., Luoto, A., Abdul-Rahman, S., & Hammouda, I. (2012), « OSSLI: Architecture
Level Management of Open Source Software Legality Concerns », Open Source Systems: Long-
Term Sustainability, pp. 356-361, Springer Berlin Heidelberg.
• Tuunanen, T., Koskinen, J., & Kärkkäinen, T. (2006). « Retrieving open source software
licenses », Open Source Systems, pp. 35-46, Springer US.
• Viseur, R. (2011), « La valorisation des logiciels libres en entreprise », Jeudis du Libre,
Université de Mons, 15 septembre 2011.
• Viseur, R. (2012), « Gérer la propriété intellectuelle dans les projets à base de logiciels
libres », 17ème conférence de l'Association Information et Management, Mai 2012.
25. 25
Contact
Dr Ir Robert Viseur
Email (@CETIC) : robert.viseur@cetic.be
Email (@UMONS) : robert.viseur@umons.ac.be
Phone : 0032 (0) 479 66 08 76
Website : www.robertviseur.be
This presentation is covered by « CC-BY-ND » license.