Communications - December 2011

contributed articles

doI: 10.1145/2043174.2043193

Software developers’ reuse of code from
the Internet bears legal and economic risks
for their employers.
BY manueL SoJeR and JoaCHIm HenKeL
License Risks
from ad Hoc
Reuse of
Code from
the Internet

includes permission to be reused in commercial software development, 14 making it highly attractive for firms. 2 Therefore, some firms systematically reuse it by including identification, evaluation, and integration of suitable code in their development processes. 18 Alternatively, Internet code can also be reused in ad hoc fashion, as described in Umarji et al., 23 with individual professional developers, on their own and typically without telling anybody, searching the Internet for existing code as a shortcut in their work, downloading and integrating it into the software they develop.a

Despite its general suitability for reuse in commercial software, Internet code is rarely in the public domain and usually under licenses that demand compliance with specific conditions as a prerequisite for reuse. 8 These conditions vary widely and may, for example, demand attribution of the original creators of the reused code. More critical for firms are the obligations demanded by the GNU General Public License (GPL)b

reUsiNG exisTiNG soFTWare artifacts when developing new software is an attractive way to reduce development costs and time to market while improving software quality. 4 Code is the artifact most commonly reused in software development. 16 Researchers have identified such reuse in commercial software development as a new facet of software reuse. 13, 22 here, “Internet code” means code in the form of components (such as a library encapsulating required functionality) and snippets (such as containing a synchronization block) that can be downloaded from the Internet for free and without individual agreement with the originator; an important instance of such code is publicly available open source software (oSS). Internet code generally

a Places to search for code include OSS repositories (such as SourceForge.net), code search engines (such as Koders.com), and code bases of related OSS projects; for a detailed overview and quantitative analyses, see Sojer. 20

b The GPL is a family of licenses, including versions 1, 2, and 3; since all versions share the “copyleft” obligation, we refer to the whole family as “the GPL” throughout this article.

key insights

Professional software developers reuse code freely available on the Internet (such as open source code) in their commercial projects in ad hoc fashion.

Such code often comes with license obligations; noncompliance can mean legal and economic risk, but developers are often not sufficiently knowledgeable in these matters.

firms should establish clear policies regarding reuse, leveraging reliable information resources on the Internet and complementing them with internal training, lobby universities to include the topic in their curricula, and acknowledge the interdisciplinary nature of the issue.