jump to navigation

Ethics and Trust in Open Source Software December 3, 2013

Posted by kristinamensch in Security.

In his 1984 Turing Award acceptance remarks Ken Thompson, after describing a way in which to write a self-replicating program that exploits the C compiler, moralizes that ‘you can’t trust code that you did not totally create yourself’. [4] While the sentiment is surely true, realizing this in today’s technological landscape is all but impossible. No single business or technology user today can be limited to simply using software that they have created completely. From business systems to smartphones to automobiles businesses and consumers put their trust into the software architects, designers, developers, managers, and software testers that create the products that they purchase, use, and depend on in their daily lives. As software developers and engineers we have an obligation to work hard to deserve that level of trust.

Adopted in 1992 the ACM Code of Ethics and Professional Conduct can provide helpful guidance for those involved in the creation of software products. [1] There are eight ‘General Moral Imperatives’ for ACM members to follow.  Imperatives 1.5 and 1.6 state respectively that the ACM professional will ‘honor property rights including copyrights and patents’ and ‘give proper credit for intellectual property’. I am particularly interested in how these imperatives are considered and upheld by developers with respect to the incorporation of open source software into their custom applications. Open source software can save design and development time, increase functionality that can be built into an application in a set amount of time, and lower development costs. Because of these benefits open source software is becoming an increasing attractive solution for software developers. Quality open source software is easily available online – developers just need to download and add it to their project. Some developers may feel that because the software and its source code are available for all to see online that it falls into the public domain and can be used in any way, but this is not the case. Most open source software has a usage license that the user agrees to by clicking a check box or simply downloading the software.

There are two general types of open source licenses: copyleft licenses and permissive licenses.[2] Copyleft licenses, like GNU GPL and AGPL, require any derivative works to be licensed with the same license – meaning that any source code produced with the open source software be open source and made available to users downstream. This license tries to prevent the downstream monetization of the original open source software. Permissive open source licenses, like BSD, MIT, and Apache, place fewer restrictions on any downstream products than copyleft licenses allowing users to create proprietary derivative software.[3] It is very important for software developers considering the integration of an open source software product into their application code to read and understand the licenses and restrictions that they are agreeing to by using the software. Businesses need to create and follow a process for open source software integration that includes reading and understanding the license, compliance, and maintenance. If any confusion arises around licensing and restriction in the use of an open source software product businesses should seek legal advice on how to comply with the licensing agreement. Software developers should also give proper credit to the open source software by maintaining the open source software copyright as outlined by the license.

As software developers we have an expanding array of open source tools that we can use to create a better software product for our customers, but we have to remember that our responsibility is not only to create the best product for our customers – it is to do so legally and while respecting the intellectual property and rights of our fellow developers by abiding by the terms of their licensing agreements.

Works Cited

[1] Association for Computing Machinery. “Code of Ethics — Association for Computing Machinery.” Association for Computing Machinery. October 16, 1992. http://www.acm.org/about/code-of-ethics (accessed November 15, 2013).

[2] Bledsoe, Mark J. “Open Source Software Issues in Commercial Transactions, Contributed by Mark J. Bledsoe, Bradley Arant Boult and Cummings LLP – Bloomberg Law.” Bloomberg Law. 2011. http://about.bloomberglaw.com/practitioner-contributions/open-source-software-issues/ (accessed December 2, 2013).

[3] Open Source Initiative. Frequently Answered Questions | Open Source Initiative. December 3, 2013. http://opensource.org/osd (accessed December 3, 2013).

[4] Thompson, Ken. “Reflections on Trusting Trust.” Communications of the ACM (ACM) 27, no. 8 (August 1984): 761-763.



No comments yet — be the first.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: