Tracing software build processes to uncover license compliance inconsistencies

Authors: Sander van der Burg, Eelco Dolstra, Shane McIntosh, Julius Davies, Daniel M. German, Armijn Hemel

Venue: ASE (29th ACM/IEEE International Conference on Automated Software Engineering), pp. 731–742, 2008

Year: 2008

Abstract: Open Source Software (OSS) components form the basis for many software systems. While the use of OSS components accelerates development, client systems must comply with the license terms of the OSS components that they use. Failure to do so exposes client system distributors to possible litigation from copyright holders. Yet despite the importance of license compliance, tool support for license compliance assessment is lacking. In this paper, we propose an approach to construct and analyze the Concrete Build Dependency Graph (CBDG) of a software system by tracing system calls that occur at build-time. Through a case study of seven open source systems, we show that the constructed CBDGs: (1) accurately classify sources as included in or excluded from deliverables with 88%-100% precision and 98%-100% recall, and (2) can uncover license compliance inconsistencies in real software systems -- two of which prompted code fixes in the CUPS and FFmpeg systems.

BibTeX:

@inproceedings{sandervanderburg2008tsbptulci,
    author = "Sander van der Burg and Eelco Dolstra and Shane McIntosh and Julius Davies and Daniel M. German and Armijn Hemel",
    title = "Tracing software build processes to uncover license compliance inconsistencies",
    year = "2008",
    pages = "731--742",
    booktitle = "Proceedings of the 29th ACM/IEEE International Conference on Automated Software Engineering"
}

Plain Text:

Sander van der Burg, Eelco Dolstra, Shane McIntosh, Julius Davies, Daniel M. German, and Armijn Hemel, "Tracing software build processes to uncover license compliance inconsistencies," in Proceedings of the 29th ACM/IEEE International Conference on Automated Software Engineering (ASE), pp. 731–742, 2008.