wonderfully unique software solutions

Few organisations are on top of software licensing requirements, warns JetBrains

Most organisations involved in software or hardware development still have no license auditing process for their codebase, according to JetBrains.

Anastasia Khramushina, writing for the developer tools specialist, said that organisations need to keep their dependency licenses in check to avoid legal and reputational damages stemming from licensing issues.

“If your business relies on open-source components or outsource development in your services, or if you as a developer reuse code from services like GitHub when working on company projects, your organisation could be at risk,” she said.

With the rising popularity of free software licensing such as the GNU General Public License (GPL), organisations may increasingly overlook more stringent licensing requirements around their use of software.

“Inappropriate use of the GPL can land businesses in legal trouble if they use code in the wrong way, deliberately or otherwise,” Khramushina said.

The GPL typically allows end users to run, study, share and modify software with the license. However, companies like Panasonic Avionics have fallen foul of the US courts, being sued by CoKinetic Systems for damages over $100m due to alleged misuse of GPL licensing.

“Nearly all organisations involved in software or hardware development still have no license auditing process for their codebase,” Khramushina said.

“There are many other cases like Welte v Fantec or Linksys v Free Software Foundation where a company or organisation neglected license auditing and had to suffer the consequences.”

Organisations cannot afford to miss a piece of unlicensed code ending up in their own product – but manual detection is difficult when developers, legal and security teams are working with multiple applications and licenses, she added.

“You can’t rule out the possibility of accidentally importing a restrictive-licensed library into a software codebase or forgetting to update an expired license,” Khramushina said.

She said that the process can be automated with code quality platforms, including JetBrains’ Qodana, which has unveiled an EAP (early access programme) for License audit.

“For developers, Qodana lists dependency licenses in an analysed repository and warns you about any problems concerning their compatibility with the project licenses,” Khramushina explained.

( Image by Sang Hyun Cho from Pixabay )

Recent Articles

Octopus Deploy deprecates Server authentication, certifies with HashiCorp

Devops-focused config management company Octopus Deploy has rounded off November with a trio of updates -- affecting Octopus Server developers, HashiCorp Vault...

SolarWinds and HCL expand enterprise AI for IT ops partnership

Infrastructure applications vendor SolarWinds and HCL Software are expanding their work together delivering enterprise AI and ITops management offerings.

N-able expands channel push with accelerated global support

Remote monitoring and management (RMM) specialist N-able is ramping up its support fot the distribution channel worldwide in a bid to increase...

Keeper Security finds multiple weekly cyberattacks on UK professional services

The IT systems of UK-based professional services and financial services providers are often attacked many times each week, according to a Keeper...

JetBrains previews new IntelliJ based Fleet IDE and editor

Developer tools company JetBrains has opened up public preview access to its Fleet integrated development environment (IDE) and editor.

Related Stories

Leave A Reply

Please enter your comment!
Please enter your name here

Weirdware monthly - Get the latest news in your inbox