Guilty or not guilty: Using clone metrics to determine open source licensing violations

Akito Monden, Satoshi Okahara, Yuki Manabe, Kenichi Matsumoto

Research output: Contribution to journalArticle

10 Citations (Scopus)

Abstract

Unintentionally violating open source software (OSS) licenses by reusing OSS code is a serious problem for both software companies and OSS developers. The simplest intuitive way to identify such reuse is to measure code clonesduplicated code fragmentsbetween a suspected program and an existing OSS program. The question then becomes, what is the lower bound of code clone measurements needed to conclude that the suspected program is guilty (reused code exists) and the upper bound needed to conclude that it is not guilty? In their analysis of 1,225 pairs of OSS products, the authors found 121 with reused code. They experimentally explored the boundaries for three code clone metrics: maximum clone length (MCL), number of clone pairs (NCP), and local product similarity (LSim). Using these metrics, they identified guilty, not guilty, and suspicious programs.

Original languageEnglish
Article number5661763
Pages (from-to)42-47
Number of pages6
JournalIEEE Software
Volume28
Issue number2
DOIs
Publication statusPublished - Mar 2011
Externally publishedYes

Keywords

  • open source software reuse
  • product metrics
  • software licensing violations

ASJC Scopus subject areas

  • Software

Fingerprint Dive into the research topics of 'Guilty or not guilty: Using clone metrics to determine open source licensing violations'. Together they form a unique fingerprint.

  • Cite this