wonderfully unique software solutions

Few organisations are on top of software licensing requirements, warns JetBrains

Most organisations involved in software or hardware development still have no license auditing process for their codebase, according to JetBrains.

Anastasia Khramushina, writing for the developer tools specialist, said that organisations need to keep their dependency licenses in check to avoid legal and reputational damages stemming from licensing issues.

“If your business relies on open-source components or outsource development in your services, or if you as a developer reuse code from services like GitHub when working on company projects, your organisation could be at risk,” she said.

With the rising popularity of free software licensing such as the GNU General Public License (GPL), organisations may increasingly overlook more stringent licensing requirements around their use of software.

“Inappropriate use of the GPL can land businesses in legal trouble if they use code in the wrong way, deliberately or otherwise,” Khramushina said.

The GPL typically allows end users to run, study, share and modify software with the license. However, companies like Panasonic Avionics have fallen foul of the US courts, being sued by CoKinetic Systems for damages over $100m due to alleged misuse of GPL licensing.

“Nearly all organisations involved in software or hardware development still have no license auditing process for their codebase,” Khramushina said.

“There are many other cases like Welte v Fantec or Linksys v Free Software Foundation where a company or organisation neglected license auditing and had to suffer the consequences.”

Organisations cannot afford to miss a piece of unlicensed code ending up in their own product – but manual detection is difficult when developers, legal and security teams are working with multiple applications and licenses, she added.

“You can’t rule out the possibility of accidentally importing a restrictive-licensed library into a software codebase or forgetting to update an expired license,” Khramushina said.

She said that the process can be automated with code quality platforms, including JetBrains’ Qodana, which has unveiled an EAP (early access programme) for License audit.

“For developers, Qodana lists dependency licenses in an analysed repository and warns you about any problems concerning their compatibility with the project licenses,” Khramushina explained.

( Image by Sang Hyun Cho from Pixabay )

Recent Articles

Staff expect more flexible support in and beyond the workplace: GoTo survey

SMB IT teams are struggling with increasing challenges in managing a hybridised working environment, according to mobile connectivity software vendor GoTo --...

MSPs targeted with uSecure course builder features to boost cyber risk management

New in May from human risk management (HRM) provider uSecure is an array of enhancements to help channel partners tackle the critical...

Video often preferred for knowledge and skill transfer, poll suggests

Demand for video-based media has been on the rise during pandemic and will continue to be preferred by many organisations, according to...

How luxury fashion can reduce its environmental impact using data

Data can help progress on environmental sustainability and governance (ESG) with the “ultimate goal” of becoming “climate positive” – instead of damaging...

Snow Software targets hybrid and multi cloud management complexity

Software from Snow now supports new platforms, integrations and provisioning methods, with a view to easing the complexities around managing hybrid and...

Related Stories

Leave A Reply

Please enter your comment!
Please enter your name here

Weirdware monthly - Get the latest news in your inbox