wonderfully unique software solutions

Few organisations are on top of software licensing requirements, warns JetBrains

Most organisations involved in software or hardware development still have no license auditing process for their codebase, according to JetBrains.

Anastasia Khramushina, writing for the developer tools specialist, said that organisations need to keep their dependency licenses in check to avoid legal and reputational damages stemming from licensing issues.

“If your business relies on open-source components or outsource development in your services, or if you as a developer reuse code from services like GitHub when working on company projects, your organisation could be at risk,” she said.

With the rising popularity of free software licensing such as the GNU General Public License (GPL), organisations may increasingly overlook more stringent licensing requirements around their use of software.

“Inappropriate use of the GPL can land businesses in legal trouble if they use code in the wrong way, deliberately or otherwise,” Khramushina said.

The GPL typically allows end users to run, study, share and modify software with the license. However, companies like Panasonic Avionics have fallen foul of the US courts, being sued by CoKinetic Systems for damages over $100m due to alleged misuse of GPL licensing.

“Nearly all organisations involved in software or hardware development still have no license auditing process for their codebase,” Khramushina said.

“There are many other cases like Welte v Fantec or Linksys v Free Software Foundation where a company or organisation neglected license auditing and had to suffer the consequences.”

Organisations cannot afford to miss a piece of unlicensed code ending up in their own product – but manual detection is difficult when developers, legal and security teams are working with multiple applications and licenses, she added.

“You can’t rule out the possibility of accidentally importing a restrictive-licensed library into a software codebase or forgetting to update an expired license,” Khramushina said.

She said that the process can be automated with code quality platforms, including JetBrains’ Qodana, which has unveiled an EAP (early access programme) for License audit.

“For developers, Qodana lists dependency licenses in an analysed repository and warns you about any problems concerning their compatibility with the project licenses,” Khramushina explained.

( Image by Sang Hyun Cho from Pixabay )

Recent Articles

How TechSmith video-based learning can boost diversity and inclusion

When Hillsborough Community College in the USA wanted to create a remote-learning platform to assist students who use sign language, it turned...

Opswat uprates security for AWS partners in the cloud

Operations tech (OT) and industrial cybersecurity vendor Opswat, maker of MetaDefender, has been expanding and deepening its relationships with Amazon Web Services...

TeamViewer and Siemens to collaborate on augmented, mixed reality

TeamViewer is teaming up with Siemens on augmented and mixed reality (AR/MR) for the product lifecycle management space. The...

Paessler PRTG for secure schools monitoring and management

Non-IT systems from building services engineering to laboratory technology are being integrated into the central IT system at most educational institutions, increasing...

OpenText expands cloud integrated information management offering

Vendor OpenText has announced three new avenues for integrating cloud content as it pursues its vision for holistic information management in the...

Related Stories

Leave A Reply

Please enter your comment!
Please enter your name here

Weirdware monthly - Get the latest news in your inbox