The Open-Source Detector
McDutchie writes "With open-source related lawsuits on the rise, a market is developing for automated tools that detect the presence of open-source code within larger application development environments. Palamida Inc. stepped in with IP Amplifier 3.0, essentially a search tool and a database that consists of more than 38 million of the most commonly used open-source files. Something Google-inspired called CodeRank is claimed to match code against the database. Hmm... maybe someone should run it on this, or even this." Of course, some open source code is perfectly welcome in commercial software, even if that software's code is not itself open; it's no secret or surprise that Microsoft, for instance, has taken advantage in some products of BSD-licensed code.
Could this tool be used in reverse?
For example, one could write a bug-filled line of code, perhaps something with a buffer-overflow. This could then be matched with open-source projects and projects with buffer overflows are found. Of course, this could also be used to find vulnerabilities and so on.
>Of course, some open source code is perfectly welcome in commercial software, even if that software's code is not itself open; it's no secret or surprise that Microsoft, for instance, has taken advantage in some products of BSD-licensed code.
This example (socket code) often pops up, and is often used in GPL advocacy.
Note, however, that the TCP/IP work was done under a DARPA grant, paid for by the US government, so it is not only legal, but even morally right for Microsoft to use this code.
I worked at a ruthless company. Part of the culture was to get results as fast as possible and completely ignore things like licenses, rules and laws, if it helped to make money.
We certainly would have violated the GPL in a second, given that one couldn't really prove damage to the other party (aging idealist hippies with beards who were naive enough to give away software with a silly "license").
The ripoff of commercial software was driving me nuts though -- it seemed quite wrong, esp. given that we were raking in the dough and were not paying just because we could easily avoid it through technical measures.
However, part of the "culture" was that we were so busy that we were sloppy about the misdeeds. We wouldn't have had time to cover our tracks.
Such tools would have caught us, so I'm guessing such tools will lead to finding many similar violators.
http://www.thebricktestament.com/the_law/when_to_