DOI - Mendel University in Brno Press

DOI identifiers

DOI: 10.11118/978-80-7509-990-7-0008

OPEN-SOURCE COMPLIANCE: A TACTICAL APPROACH

Ashish Bakshi1, Andreas Kotulla2, Oldřich Faldík1, Oldřich Trenz1
1 Department of Economics, Faculty of Business and Economics, Mendel University in Brno, Zemědělská 1, 613 00 Brno, Czech Republic
2 Bitsea GmbH, Schloßstraße 7, 53757 Sankt Augustin, Germany

As open source becomes increasingly prevalent, understanding the intricacies of the various license types, including permissive and copyleft licenses, becomes essential for developers and organizations alike (Tourani, Adams and Serebrenik, 2017). This paper not only explores these license types but also examines the implications of copyright law and Export Control Compliance (ECC) for open-source software. A significant portion of the paper is dedicated to evaluating key tools used in open-source compliance, such as SW360, FOSSology, OSS Review Toolkit (ORT), and the Software Bill of Materials (SBOM). The paper's comprehensive analysis of open-source license compliance offers practical insights and recommendations for developers and organizations navigating the complexities of open-source software adoption. The specific contribution of this paper lies in providing a detailed comparative analysis of these tools, alongside a case study on their application in real-time audits.

Keywords: open-source compliance, sw360, fossology, ORT, SBOM

pages: 8-16, online: 2024



References

  1. CHOI, C.-H. 2008. A Study on Global Compliance of Global Companies under the Circumstance of Export Control. The Korean Research Institute of International Commerce and Law.
  2. COLEMAN, M. A. 2014. Freedom From Restriction, Freedom Of A Restriction: A Comparison Of Some Open Source Software Licenses. https://arxiv.org/abs/1402.2079
  3. GONZÁLEZ-BARAHONA, D. M. 2009. An Empirical Study of the Reuse of Software Licensed under the GNU General Public License. In: BOLDYREFF, C., CROWSTON, K., LUNDELL, B., WASSERMAN, A. I. (eds.). Open Source Ecosystems: Diverse Communities Interacting. OSS 2009. IFIP Advances in Information and Communication Technology. Vol. 299. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-02032-2_17
  4. HE, Z., PETERS, F., MENZIES, T. and YANG, Y. 2013. Learning from Open-Source Projects: An Empirical Study on Defect Prediction. In: 2013 ACM / IEEE International Symposium on Empirical Software Engineering and Measurement. Baltimore, MD, USA, 2013, pp. 45-54. doi: 10.1109/ESEM.2013.20
  5. KUMAR, N. 2022. Export Compliance as a Response To Export Control. Rel. Guido Sassi. Politecnico di Torino, Corso di laurea magistrale in Ingegneria Gestionale (Engineering And Management).
  6. LINDMAN, J., PAAJANEN, A. and ROSSI, M. 2010. Choosing an Open Source Software License in Commercial Context: A Managerial Perspective. In: 36th EUROMICRO Conference on Software Engineering and Advanced Applications. Lille, France, 2010, pp. 237-244. doi: 10.1109/SEAA.2010.26
  7. MATHUR, A., CHOUDHARY, H., VASHIST, P., THIES, W. and THILAGAM, S. 2012. An Empirical Study of License Violations in Open Source Projects. In: 35th Annual IEEE Software Engineering Workshop. Heraklion, Greece, 2012, pp. 168-176. doi: 10.1109/SEW.2012.24
  8. SHERAE, D. and STEWART, K. 2016. Open source project success: Resource access, flow, and integration. The Journal of Strategic Information Systems, 25(3), 159-176. https://doi.org/10.1016/j.jsis.2016.02.006
  9. SHIM, S.-R. 2011. A Comparative Study on the Compliance Program (CP) of Strategic Export Control System between Korea and Japan. International Commerce and Information Review.
  10. TOURANI, P., ADAMS, B. and SEREBRENIK, A. 2017. Code of conduct in open source projects. In: IEEE 24th International Conference on Software Analysis, Evolution and Reengineering (SANER). Klagenfurt, Austria, 2017, pp. 24-33. doi: 10.1109/SANER.2017.7884606
  11. MARYKA, T., GERMAN, D. M. and POO-CAAMAÑO, G. 2015. On the Variability of the BSD and MIT Licenses. In: DAMIANI, E., FRATI, F., RIEHLE, D., WASSERMAN, A. (eds.). Open Source Systems: Adoption and Impact. OSS 2015. IFIP Advances in Information and Communication Technology. Vol. 451. Springer, Cham. https://doi.org/10.1007/978-3-319-17837-0_14