Issue No. 02 - March/April (2011 vol. 28)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MS.2010.159
Akito Monden , Nara Institute of Science and Technology, Japan
Satoshi Okahara , Nara Institute of Science and Technology, Japan
Yuki Manabe , Osaka University
Kenichi Matsumoto , Nara Institute of Science and Technology, Japan
Unintentionally violating open source software (OSS) licenses by reusing OSS code is a serious problem for both software companies and OSS developers. The simplest intuitive way to identify such reuse is to measure code clones—duplicated code fragments—between a suspected program and an existing OSS program. The question then becomes, what is the lower bound of code clone measurements needed to conclude that the suspected program is guilty (reused code exists) and the upper bound needed to conclude that it is not guilty? In their analysis of 1,225 pairs of OSS products, the authors found 121 with reused code. They experimentally explored the boundaries for three code clone metrics: maximum clone length (MCL), number of clone pairs (NCP), and local product similarity (LSim). Using these metrics, they identified guilty, not guilty, and suspicious programs.
open source software reuse, software licensing violations, product metrics
Y. Manabe, S. Okahara, K. Matsumoto and A. Monden, "Guilty or Not Guilty: Using Clone Metrics to Determine Open Source Licensing Violations," in IEEE Software, vol. 28, no. , pp. 42-47, 2010.