Slashdot Mirror


The Open-Source Detector

McDutchie writes "With open-source related lawsuits on the rise, a market is developing for automated tools that detect the presence of open-source code within larger application development environments. Palamida Inc. stepped in with IP Amplifier 3.0, essentially a search tool and a database that consists of more than 38 million of the most commonly used open-source files. Something Google-inspired called CodeRank is claimed to match code against the database. Hmm... maybe someone should run it on this, or even this." Of course, some open source code is perfectly welcome in commercial software, even if that software's code is not itself open; it's no secret or surprise that Microsoft, for instance, has taken advantage in some products of BSD-licensed code.

5 of 340 comments

  1. I wonder... by 0x461FAB0BD7D2 · · Score: 4, Interesting

    Could this tool be used in reverse?

    For example, one could write a bug-filled line of code, perhaps something with a buffer overflow. This could then be matched with open-source projects, and projects with buffer overflows would be found. Of course, this could also be used to find vulnerabilities and so on.

  2. The BSD license argument by marcovje · · Score: 5, Interesting

    > Of course, some open source code is perfectly welcome in commercial software, even if that software's code is not itself open; it's no secret or surprise that Microsoft, for instance, has taken advantage in some products of BSD-licensed code.

    This example (socket code) often pops up, and is often used in GPL advocacy.

    Note, however, that the TCP/IP work was done under a DARPA grant, paid for by the US government, so it is not only legal, but even morally right for Microsoft to use this code.

  3. high costs? by moz25 · · Score: 3, Interesting

    Palamida charges $50,000 to $250,000 for an annual subscription to IP Amplifier. Cost depends upon the size of the customer's development environment.

    That seems rather steep. Are they doing something really complicated, or is this something that a well-maintained (open-source?) project could do? Of course they are storing a major amount of information (i.e. all of sourceforge/freshmeat).

    This might in fact be a feature that sourceforge might want to implement (for a fee): doing a search in their database.

    On the other hand, it might make more sense to check against proprietary source, data and images. They are, by their nature, harder to find.

    Also: when outsourcing parts of a project, wouldn't a contract have to state explicitly conditions such as not stealing/borrowing code from elsewhere? It would be a minimum requirement that the licensing of any (sub-)code would have to fit the overall product.

  4. Will probably find many blatant violators. by putko · · Score: 4, Interesting

    I worked at a ruthless company. Part of the culture was to get results as fast as possible and completely ignore things like licenses, rules and laws, if it helped to make money.

    We certainly would have violated the GPL in a second, given that one couldn't really prove damage to the other party (aging idealist hippies with beards who were naive enough to give away software with a silly "license").

    The ripoff of commercial software was driving me nuts though -- it seemed quite wrong, esp. given that we were raking in the dough and were not paying just because we could easily avoid it through technical measures.

    However, part of the "culture" was that we were so busy that we were sloppy about the misdeeds. We wouldn't have had time to cover our tracks.

    Such tools would have caught us, so I'm guessing such tools will lead to finding many similar violators.

    --
    http://www.thebricktestament.com/the_law/when_to_stone_your_children/dt21_18a.html

  5. Re:No Guarantee Against reimplementation by tolan-b · · Score: 3, Interesting

    As far as I understand it, the GPL has a clause saying that any patents that cover the code being distributed must be licensed for everyone's free use. That's not the case with Microsoft's shared source.