Code snippet scanning is a common question we get from prospects. We typically try to dig at why the prospect actually thinks they need snippet matching. We think this comes from mis-informed demand. To create conversation with the masses on this topic, I've shared my perspective so you have a complete picture of the risk and cost of code snippet scanning.

Prospect Question: Is there an inexpensive option for code snippet scans of source code that we could use in conjunction with Component Lifecycle Management?

I believe people think they need snippet matching because that was actually common in C/C++ and people assume it happens frequently in modern languages (untrue), and vendors have been successful in raising awareness of this problem because that's what they are good at. It's like going to a surgeon and asking him what to do. Of course he's going to say you need the operation.

While it is true that developers could copy code around, in a component based language like Java (and every language since) the reality is they don't. I can't recall any well known, high profile lawsuits involving snippets. They involved wholesale reuse of components/frameworks/operating systems. As an example, in 2013 Fantec was taken to court because firmware of the media player included the iptables software which is licensed under the GPLv2. Specifically, this wasn't really source code cut and paste, they included the entire iptables application in the Linux based firmware.

In Mark Radcliffe's list of the "Top Ten FOSS Legal Developments" of 2012, Item 2 states, "A separate but related case also involved the Android operating system. Oracle sued Google for the alleged infringement of Oracle’s copyrights in the Java software (which it had acquired from Sun Microsystems, Inc.)." "However, at the end of May, Judge Alsup issued a decision finding that the Java APIs were not protectable under copyright law."

Continuing with case analysis, Radcliffe states in Item 3, "The case involved the copying of the scripts and certain functions of the SAS analytical software." "The court found that such functions and programming language were not protected under the EU Directive on Protection of Computer Programs."

These examples reflect an accurate risk vs reward calculation: Do I need snippet matching if people aren't really doing it and/or it's not yet proven to be a real-world risk? In addition to the real world risk assessment, there needs to be consideration of the cost of actually performing detailed, line by line analysis of source.