Subventions et des contributions :

Retour à la page de recherche

Titre :

Service-based license verification of open source software

Numéro de l’entente :

EGP

Valeur d'entente :

25 000,00 $

Date d'entente :

14 juin 2017 -

Organisation :

Conseil de recherches en sciences naturelles et en génie du Canada

Location :

Alberta, Autre, CA

Numéro de référence :

GC-2017-Q1-00445

Type d'entente :

subvention

Type de rapport :

Subventions et des contributions

Informations supplémentaires :

Subvention ou bourse octroyée s'appliquant à plus d'un exercice financier. (2017-2018 à 2018-2019)

Nom légal du bénéficiaire :

Hindle, Abram (University of Alberta)

Programme :

Subventions d'engagement partenarial pour les universités

But du programme :

Open source developers create and share their code and tools for free. These projects are valuable to industry and open source developers alike because these projects solve common problems faced by both communities. Therefore, both groups have interest in the livelihood of open source projects which are supported by open source licenses.x000D
Open source license enable the distribution and sharing of source code in a safe and repeatable manner, but they come with complicated constraints. These licenses have implications on the projects that reuse open software that have them. Anyone can create an open source project but not everyone can evaluate project licensing issues. Therefore, it is not clear if a project is open source and license compliant. Black Duck software specializes in certifying that industrial partners are license compliant, but this functionality should be also made available to the open-source community who are ultimately concerned about.x000D
This means that reusing open source software in an industrial setting is not a simple task. The applications need to be verified-compliant in order to avoid any potential lawsuits or loss of user of the Open Source software, which is a costly process. Black Duck currently is an world leader in license compliance auditing. For smaller companies, it might not be possible to perform a license assessment to determine if they are infringing on open licenses or if they are required to abide requirements such as sharing their source code with clients.x000D
We wish to work with Black Duck to research different kinds of license verification techniques and help provide access to the fruits of this research as a web service and tools for the open source community. Canada's open source community will benefit from license compliance such services and tools to make code licensing more accessible to developers. We will build a web service that can check a given software repository for its licenses, informing open source developers of potential violations.x000D
x000D
x000D
x000D