SlideShare uma empresa Scribd logo
1 de 24
Baixar para ler offline
On the provenance of Free and Open
Source Software and the legal
implications of its reuse
based on A Method for Open Source License Compliance of
Java Applications, IEEE Software
May-June 2012 (vol. 29 no. 3)
Daniel M German
Professor
Department of Computer Science
University of Victoria
IP is an engineering problem too
● Sure, Intellectual Property is the realm of
lawyers
● But software engineers have to fix it.
Open Source
● Open Source
– software licensed under an open source license
●
Open source LicenseOpen source License
– allows the creation of derivative works
– and their redistribution
As long as some conditions are satisfied
Reuse and Open Source
● FOSS materialized Component-Off-The-Shelf
software engineering
– Huge pool of components ready to be used
– Free but with a price:
● Comply with the license
FOSS is everywhere today
● Used by both organizations and
individuals
– Part of many commercial products
● OS X, Android, many embedded devices
● Created by many commercial companies
– Apple, Google, HP, Ebay, Amazon,
Samsung, IBM, TI, Oracle, etc.
“The way software is built is changing”
—Scott Patterson
Previous Senior Legal Counsel, HP
Software architectures are complex
● Frameworks
● Libraries
● Plug-ins
● Operating systems
● Scripts
● Toolkits
Each comes with its own license
Not so simple
Reuse is Easy
● Re-using FOSS is very easy
– Black box:
● reuse as a component
– White box:
● Clone: copy entire product own's code base
● Cut-and-paste: copy snippets
But Risky
● Most developers don't have training in
licensing
● Many think they do but don't
● Most organizations lack policies regarding
use of FOSS
* Sojer and Henkel 2010
Open Source License Compliance
● It is in need of tool support
– Mostly provided by (expensive) organizations
● Blackduck, Palamida, OpenLogic
● Treat everything as Trade Secret
● License Compliance can't trust
anybody
● Developers/Suppliers:
– Don't know, forget, ignore, lie ...
The big questions
● Who are you and where
did you come from?
– Provenance discovery
● What role do you play?
– Architectural discovery
● Does your mother know you
are here?
– License discovery
Provenance is Complicated
● Was this source file:
– Locally developed?
– Copied?
● If copied:
– What is the source?
● Can we trust the source?
Components license
Software Bertillonage
● Measure certain properties of a software system
– Use these properties to create classifications and reduce
search space
● Joa:
– Bertillonage for Java
– Based on Class and Method signatures
– Capable of matching binaries and source
– Open Source (GPLv2+)
– http://github.com/dmgerman/joa
Joa helps determine what is in binary
The general problem is harder
ffmpeg libavfilter
License Identification
● Once you know the original code
– What is its license?
– Ninka
● Identify license from source code
● Open source (AGPLv3+)
● http://github.com/dmgerman/ninka
Ninka
● Design goals:
– To sacrifice recall for the sake of accuracy
● Rather be safe then wrong
● Support “I don't know”
– To be faster than fossology
– To support the most common licenses, yet be extensible
– To have a very simple “pipe” architecture
● Collection of small tools
● The output of one feeds into the other
Component level composition
● Requires architectural analysis
● How are components connected?
– Type of connection?
● Linking? Dynamic? Static?
● Fork/System exec?
● Web service?
● RPC?
Components license
Putting all Pieces Together
Conclusions
● FOSS reuse is here to stay
● Organizations should be careful on how they
reuse FOSS
– FOSS License Compliance
● Software is needed to help
● We have implemented a method to help in
license compliance of Java Applications
– Joa: provenance
– Ninka: licensing
Components license

Mais conteúdo relacionado

Destaque

How Linux uses Git
How Linux uses GitHow Linux uses Git
How Linux uses Gitdmgerman
 
he Future of Continuous Integration in GNOME
he Future of Continuous Integration in GNOME he Future of Continuous Integration in GNOME
he Future of Continuous Integration in GNOME dmgerman
 
Towards a Census of Free and Open Source Licenses
Towards a Census of Free and Open Source LicensesTowards a Census of Free and Open Source Licenses
Towards a Census of Free and Open Source Licensesdmgerman
 
Cregit Recovering token level authorship from Git
Cregit Recovering token level authorship from GitCregit Recovering token level authorship from Git
Cregit Recovering token level authorship from Gitdmgerman
 
File (20)
File (20)File (20)
File (20)lilfato
 
The Promises and Perils of Mining Github: MSR'2014
The Promises and Perils of Mining Github: MSR'2014The Promises and Perils of Mining Github: MSR'2014
The Promises and Perils of Mining Github: MSR'2014dmgerman
 
The adoption of FOSS workfows in commercial software development: the case of...
The adoption of FOSS workfows in commercial software development: the case of...The adoption of FOSS workfows in commercial software development: the case of...
The adoption of FOSS workfows in commercial software development: the case of...dmgerman
 

Destaque (8)

How Linux uses Git
How Linux uses GitHow Linux uses Git
How Linux uses Git
 
he Future of Continuous Integration in GNOME
he Future of Continuous Integration in GNOME he Future of Continuous Integration in GNOME
he Future of Continuous Integration in GNOME
 
Towards a Census of Free and Open Source Licenses
Towards a Census of Free and Open Source LicensesTowards a Census of Free and Open Source Licenses
Towards a Census of Free and Open Source Licenses
 
VVP100_engl
VVP100_englVVP100_engl
VVP100_engl
 
Cregit Recovering token level authorship from Git
Cregit Recovering token level authorship from GitCregit Recovering token level authorship from Git
Cregit Recovering token level authorship from Git
 
File (20)
File (20)File (20)
File (20)
 
The Promises and Perils of Mining Github: MSR'2014
The Promises and Perils of Mining Github: MSR'2014The Promises and Perils of Mining Github: MSR'2014
The Promises and Perils of Mining Github: MSR'2014
 
The adoption of FOSS workfows in commercial software development: the case of...
The adoption of FOSS workfows in commercial software development: the case of...The adoption of FOSS workfows in commercial software development: the case of...
The adoption of FOSS workfows in commercial software development: the case of...
 

Semelhante a Components license

Teaching Open Source In The University
Teaching Open Source In The UniversityTeaching Open Source In The University
Teaching Open Source In The UniversityDominique Cimafranca
 
Open Source: What’s this all about?
Open Source: What’s this all about?Open Source: What’s this all about?
Open Source: What’s this all about?Brad Montgomery
 
Start your open source project
Start your open source projectStart your open source project
Start your open source projectAhmed Othman
 
Where’s the license?
Where’s the license?Where’s the license?
Where’s the license?Protecode
 
Introduction to License Compliance and My research (D. German)
Introduction to License Compliance and My research (D. German)Introduction to License Compliance and My research (D. German)
Introduction to License Compliance and My research (D. German)dmgerman
 
Open source a presentation
Open source   a presentationOpen source   a presentation
Open source a presentationAmol Vidwans
 
Open-Source Software Panel - IP Track
Open-Source Software Panel - IP TrackOpen-Source Software Panel - IP Track
Open-Source Software Panel - IP TrackAaron G. Sauers, CLP
 
Understanding and implementation of open source ecosystems final
Understanding and implementation of open source ecosystems finalUnderstanding and implementation of open source ecosystems final
Understanding and implementation of open source ecosystems finalRachit Technology Pvt Ltd
 
Best practices for using open source software in the enterprise
Best practices for using open source software in the enterpriseBest practices for using open source software in the enterprise
Best practices for using open source software in the enterpriseMarcel de Vries
 
Research software identification - Catherine Jones
Research software identification - Catherine JonesResearch software identification - Catherine Jones
Research software identification - Catherine JonesJisc RDM
 
“State of the Tooling” in Open Source Automation
“State of the Tooling” in Open Source Automation“State of the Tooling” in Open Source Automation
“State of the Tooling” in Open Source AutomationShane Coughlan
 
Introduction to Open Source License and Business Model
Introduction to Open Source License and Business ModelIntroduction to Open Source License and Business Model
Introduction to Open Source License and Business ModelMohd Izhar Firdaus Ismail
 
Open source operating systems
Open source operating systemsOpen source operating systems
Open source operating systemsTushar B Kute
 
Linux Seminar for Beginners
Linux Seminar for BeginnersLinux Seminar for Beginners
Linux Seminar for BeginnersNAILBITER
 
LCA14: LCA14-110: FLOSS Training
LCA14: LCA14-110: FLOSS TrainingLCA14: LCA14-110: FLOSS Training
LCA14: LCA14-110: FLOSS TrainingLinaro
 
How to get started in Open Source!
How to get started in Open Source!How to get started in Open Source!
How to get started in Open Source!Pradeep Singh
 
Foss for students
Foss for studentsFoss for students
Foss for studentsNAILBITER
 
Open Source Software Concepts
Open Source Software ConceptsOpen Source Software Concepts
Open Source Software ConceptsJITENDRA LENKA
 
Software Open Source in ambito industriale
Software Open Source in ambito industrialeSoftware Open Source in ambito industriale
Software Open Source in ambito industrialeBetter Software
 

Semelhante a Components license (20)

Teaching Open Source In The University
Teaching Open Source In The UniversityTeaching Open Source In The University
Teaching Open Source In The University
 
Open Source: What’s this all about?
Open Source: What’s this all about?Open Source: What’s this all about?
Open Source: What’s this all about?
 
Start your open source project
Start your open source projectStart your open source project
Start your open source project
 
Where’s the license?
Where’s the license?Where’s the license?
Where’s the license?
 
Introduction to License Compliance and My research (D. German)
Introduction to License Compliance and My research (D. German)Introduction to License Compliance and My research (D. German)
Introduction to License Compliance and My research (D. German)
 
Open source a presentation
Open source   a presentationOpen source   a presentation
Open source a presentation
 
Open-Source Software Panel - IP Track
Open-Source Software Panel - IP TrackOpen-Source Software Panel - IP Track
Open-Source Software Panel - IP Track
 
Understanding and implementation of open source ecosystems final
Understanding and implementation of open source ecosystems finalUnderstanding and implementation of open source ecosystems final
Understanding and implementation of open source ecosystems final
 
Best practices for using open source software in the enterprise
Best practices for using open source software in the enterpriseBest practices for using open source software in the enterprise
Best practices for using open source software in the enterprise
 
Research software identification - Catherine Jones
Research software identification - Catherine JonesResearch software identification - Catherine Jones
Research software identification - Catherine Jones
 
“State of the Tooling” in Open Source Automation
“State of the Tooling” in Open Source Automation“State of the Tooling” in Open Source Automation
“State of the Tooling” in Open Source Automation
 
Introduction to Open Source License and Business Model
Introduction to Open Source License and Business ModelIntroduction to Open Source License and Business Model
Introduction to Open Source License and Business Model
 
Open source operating systems
Open source operating systemsOpen source operating systems
Open source operating systems
 
Linux Seminar for Beginners
Linux Seminar for BeginnersLinux Seminar for Beginners
Linux Seminar for Beginners
 
LCA14: LCA14-110: FLOSS Training
LCA14: LCA14-110: FLOSS TrainingLCA14: LCA14-110: FLOSS Training
LCA14: LCA14-110: FLOSS Training
 
Open Source Licenses
Open Source LicensesOpen Source Licenses
Open Source Licenses
 
How to get started in Open Source!
How to get started in Open Source!How to get started in Open Source!
How to get started in Open Source!
 
Foss for students
Foss for studentsFoss for students
Foss for students
 
Open Source Software Concepts
Open Source Software ConceptsOpen Source Software Concepts
Open Source Software Concepts
 
Software Open Source in ambito industriale
Software Open Source in ambito industrialeSoftware Open Source in ambito industriale
Software Open Source in ambito industriale
 

Último

Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopBachir Benyammi
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IES VE
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfJamie (Taka) Wang
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6DianaGray10
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarPrecisely
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesMd Hossain Ali
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UbiTrack UK
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Brian Pichman
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxUdaiappa Ramachandran
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 

Último (20)

Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 Workshop
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
 
201610817 - edge part1
201610817 - edge part1201610817 - edge part1
201610817 - edge part1
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptx
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 

Components license

  • 1. On the provenance of Free and Open Source Software and the legal implications of its reuse based on A Method for Open Source License Compliance of Java Applications, IEEE Software May-June 2012 (vol. 29 no. 3) Daniel M German Professor Department of Computer Science University of Victoria
  • 2. IP is an engineering problem too ● Sure, Intellectual Property is the realm of lawyers ● But software engineers have to fix it.
  • 3. Open Source ● Open Source – software licensed under an open source license ● Open source LicenseOpen source License – allows the creation of derivative works – and their redistribution As long as some conditions are satisfied
  • 4. Reuse and Open Source ● FOSS materialized Component-Off-The-Shelf software engineering – Huge pool of components ready to be used – Free but with a price: ● Comply with the license
  • 5. FOSS is everywhere today ● Used by both organizations and individuals – Part of many commercial products ● OS X, Android, many embedded devices ● Created by many commercial companies – Apple, Google, HP, Ebay, Amazon, Samsung, IBM, TI, Oracle, etc.
  • 6. “The way software is built is changing” —Scott Patterson Previous Senior Legal Counsel, HP
  • 7. Software architectures are complex ● Frameworks ● Libraries ● Plug-ins ● Operating systems ● Scripts ● Toolkits Each comes with its own license
  • 9. Reuse is Easy ● Re-using FOSS is very easy – Black box: ● reuse as a component – White box: ● Clone: copy entire product own's code base ● Cut-and-paste: copy snippets
  • 10. But Risky ● Most developers don't have training in licensing ● Many think they do but don't ● Most organizations lack policies regarding use of FOSS * Sojer and Henkel 2010
  • 11. Open Source License Compliance ● It is in need of tool support – Mostly provided by (expensive) organizations ● Blackduck, Palamida, OpenLogic ● Treat everything as Trade Secret ● License Compliance can't trust anybody ● Developers/Suppliers: – Don't know, forget, ignore, lie ...
  • 12. The big questions ● Who are you and where did you come from? – Provenance discovery ● What role do you play? – Architectural discovery ● Does your mother know you are here? – License discovery
  • 13. Provenance is Complicated ● Was this source file: – Locally developed? – Copied? ● If copied: – What is the source? ● Can we trust the source?
  • 15. Software Bertillonage ● Measure certain properties of a software system – Use these properties to create classifications and reduce search space ● Joa: – Bertillonage for Java – Based on Class and Method signatures – Capable of matching binaries and source – Open Source (GPLv2+) – http://github.com/dmgerman/joa
  • 16. Joa helps determine what is in binary
  • 17. The general problem is harder ffmpeg libavfilter
  • 18. License Identification ● Once you know the original code – What is its license? – Ninka ● Identify license from source code ● Open source (AGPLv3+) ● http://github.com/dmgerman/ninka
  • 19. Ninka ● Design goals: – To sacrifice recall for the sake of accuracy ● Rather be safe then wrong ● Support “I don't know” – To be faster than fossology – To support the most common licenses, yet be extensible – To have a very simple “pipe” architecture ● Collection of small tools ● The output of one feeds into the other
  • 20. Component level composition ● Requires architectural analysis ● How are components connected? – Type of connection? ● Linking? Dynamic? Static? ● Fork/System exec? ● Web service? ● RPC?
  • 22. Putting all Pieces Together
  • 23. Conclusions ● FOSS reuse is here to stay ● Organizations should be careful on how they reuse FOSS – FOSS License Compliance ● Software is needed to help ● We have implemented a method to help in license compliance of Java Applications – Joa: provenance – Ninka: licensing