Guilty or not guilty: Using clone metrics to determine open source licensing violations

Akito Monden; Satoshi Okahara; Yuki Manabe; Kenichi Matsumoto

doi:10.1109/MS.2010.159

Guilty or not guilty: Using clone metrics to determine open source licensing violations

Akito Monden, Satoshi Okahara, Yuki Manabe, Kenichi Matsumoto

Research output: Contribution to journal › Article › peer-review

14 Citations (Scopus)

Abstract

Unintentionally violating open source software (OSS) licenses by reusing OSS code is a serious problem for both software companies and OSS developers. The simplest intuitive way to identify such reuse is to measure code clonesduplicated code fragmentsbetween a suspected program and an existing OSS program. The question then becomes, what is the lower bound of code clone measurements needed to conclude that the suspected program is guilty (reused code exists) and the upper bound needed to conclude that it is not guilty? In their analysis of 1,225 pairs of OSS products, the authors found 121 with reused code. They experimentally explored the boundaries for three code clone metrics: maximum clone length (MCL), number of clone pairs (NCP), and local product similarity (LSim). Using these metrics, they identified guilty, not guilty, and suspicious programs.

Original language	English
Article number	5661763
Pages (from-to)	42-47
Number of pages	6
Journal	IEEE Software
Volume	28
Issue number	2
DOIs	https://doi.org/10.1109/MS.2010.159
Publication status	Published - Mar 2011
Externally published	Yes

Keywords

open source software reuse
product metrics
software licensing violations

ASJC Scopus subject areas

Software

Access to Document

10.1109/MS.2010.159

Cite this

@article{8f4c917c1a47461e98cc183f9f58f8e8,

title = "Guilty or not guilty: Using clone metrics to determine open source licensing violations",

abstract = "Unintentionally violating open source software (OSS) licenses by reusing OSS code is a serious problem for both software companies and OSS developers. The simplest intuitive way to identify such reuse is to measure code clonesduplicated code fragmentsbetween a suspected program and an existing OSS program. The question then becomes, what is the lower bound of code clone measurements needed to conclude that the suspected program is guilty (reused code exists) and the upper bound needed to conclude that it is not guilty? In their analysis of 1,225 pairs of OSS products, the authors found 121 with reused code. They experimentally explored the boundaries for three code clone metrics: maximum clone length (MCL), number of clone pairs (NCP), and local product similarity (LSim). Using these metrics, they identified guilty, not guilty, and suspicious programs.",

keywords = "open source software reuse, product metrics, software licensing violations",

author = "Akito Monden and Satoshi Okahara and Yuki Manabe and Kenichi Matsumoto",

year = "2011",

month = mar,

doi = "10.1109/MS.2010.159",

language = "English",

volume = "28",

pages = "42--47",

journal = "IEEE Software",

issn = "0740-7459",

publisher = "IEEE Computer Society",

number = "2",

}

TY - JOUR

T1 - Guilty or not guilty

T2 - Using clone metrics to determine open source licensing violations

AU - Monden, Akito

AU - Okahara, Satoshi

AU - Manabe, Yuki

AU - Matsumoto, Kenichi

PY - 2011/3

Y1 - 2011/3

N2 - Unintentionally violating open source software (OSS) licenses by reusing OSS code is a serious problem for both software companies and OSS developers. The simplest intuitive way to identify such reuse is to measure code clonesduplicated code fragmentsbetween a suspected program and an existing OSS program. The question then becomes, what is the lower bound of code clone measurements needed to conclude that the suspected program is guilty (reused code exists) and the upper bound needed to conclude that it is not guilty? In their analysis of 1,225 pairs of OSS products, the authors found 121 with reused code. They experimentally explored the boundaries for three code clone metrics: maximum clone length (MCL), number of clone pairs (NCP), and local product similarity (LSim). Using these metrics, they identified guilty, not guilty, and suspicious programs.

AB - Unintentionally violating open source software (OSS) licenses by reusing OSS code is a serious problem for both software companies and OSS developers. The simplest intuitive way to identify such reuse is to measure code clonesduplicated code fragmentsbetween a suspected program and an existing OSS program. The question then becomes, what is the lower bound of code clone measurements needed to conclude that the suspected program is guilty (reused code exists) and the upper bound needed to conclude that it is not guilty? In their analysis of 1,225 pairs of OSS products, the authors found 121 with reused code. They experimentally explored the boundaries for three code clone metrics: maximum clone length (MCL), number of clone pairs (NCP), and local product similarity (LSim). Using these metrics, they identified guilty, not guilty, and suspicious programs.

KW - open source software reuse

KW - product metrics

KW - software licensing violations

UR - http://www.scopus.com/inward/record.url?scp=79952126469&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=79952126469&partnerID=8YFLogxK

U2 - 10.1109/MS.2010.159

DO - 10.1109/MS.2010.159

M3 - Article

AN - SCOPUS:79952126469

SN - 0740-7459

VL - 28

SP - 42

EP - 47

JO - IEEE Software

JF - IEEE Software

IS - 2

M1 - 5661763

ER -

Guilty or not guilty: Using clone metrics to determine open source licensing violations

Abstract

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this