SYSTEMS AND METHODS TO ANALYZE OPEN SOURCE COMPONENTS IN SOFTWARE PRODUCTS

US 20190005206A1
Filed: 06/28/2018
Published: 01/03/2019
Est. Priority Date: 06/30/2017
Status: Active Grant

First Claim

Patent Images

1. A processor implemented method (200) comprising:

receiving a product embedded with one or more Open Source Software (OSS) components (202);

comparing each of the one or more OSS components in the product with OSS components available in the public domain and comprised in a first OSS database (DB1) to identify one or more matches therebetween based on attributes associated thereof (204);

categorizing, the one or more OSS components in the product having a match with the OSS components available in the first OSS database (DB1) as (i) OSS components having a strong copyleft license, (ii) OSS components having a permissive license or (iii) OSS components having a weak copyleft (206);

identifying a usage type for the one or more OSS components in the product categorized as having the weak copyleft license and the permissive license, wherein the license usage type is one of a snippet, a file or a library and wherein the library is further identified as one of a library-executable or a library-binary (208);

identifying as one or more unidentified components, the one or more OSS components in the product having no match with the OSS components available in the first OSS database (DB1) or having a match but characterized by at least one missing attribute (210);

periodically comparing the one or more unidentified components with the OSS components in the first OSS database (DB1) to identify one or more new matches based on continual updation of OSS components available in the public domain (212);

updating a second OSS database (DB2) comprising at least some of the one or more OSS components in the product having the one or more matches, the one or more new matches, the one or more unidentified components categorized as one or more proprietary components and OSS components previously available in the public domain (214);

performing an OSS compliance analyses for the one or more OSS components in the product based on the usage type, the attributes associated thereof comprised in the second OSS database (DB2) and one or more pre-defined rules (216);

generating a comprehensive report (R5) based on the OSS compliance analyses, wherein the comprehensive report (R5) includes a final attribute for each of the one or more OSS components in the product indicative of compliance with the attributes of each of the one or more OSS components comprised therein (218); and

adaptively learning the one or more OSS components and the attributes associated thereof comprised in the comprehensive report (R5) and updating the second OSS database (DB2) (220).

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Considering the number of OSS components and the number of OSS license types available today, the number of license attributes to be considered for analyzing a product at a granular level is a challenge to perform manually, prudently considering legal implications of non-compliance and contamination and also within the limited time available today before go to market in the software industry. Systems and methods of the present disclosure intelligently facilitates a matrix which is able to identify OSS components in a deliverable and also facilitates the product owner to identify proprietary IP that can be suitably protected and licensed without contamination by the accompanying OSS components in the product under consideration. License attributes of the OSS components are mapped suitably and a final attribute is derived for each OSS component embedded in the product under consideration.

34 Citations

View as Search Results

11 Claims

1. A processor implemented method (200) comprising:
- receiving a product embedded with one or more Open Source Software (OSS) components (202);
  
  comparing each of the one or more OSS components in the product with OSS components available in the public domain and comprised in a first OSS database (DB1) to identify one or more matches therebetween based on attributes associated thereof (204);
  
  categorizing, the one or more OSS components in the product having a match with the OSS components available in the first OSS database (DB1) as (i) OSS components having a strong copyleft license, (ii) OSS components having a permissive license or (iii) OSS components having a weak copyleft (206);
  
  identifying a usage type for the one or more OSS components in the product categorized as having the weak copyleft license and the permissive license, wherein the license usage type is one of a snippet, a file or a library and wherein the library is further identified as one of a library-executable or a library-binary (208);
  
  identifying as one or more unidentified components, the one or more OSS components in the product having no match with the OSS components available in the first OSS database (DB1) or having a match but characterized by at least one missing attribute (210);
  
  periodically comparing the one or more unidentified components with the OSS components in the first OSS database (DB1) to identify one or more new matches based on continual updation of OSS components available in the public domain (212);
  
  updating a second OSS database (DB2) comprising at least some of the one or more OSS components in the product having the one or more matches, the one or more new matches, the one or more unidentified components categorized as one or more proprietary components and OSS components previously available in the public domain (214);
  
  performing an OSS compliance analyses for the one or more OSS components in the product based on the usage type, the attributes associated thereof comprised in the second OSS database (DB2) and one or more pre-defined rules (216);
  
  generating a comprehensive report (R5) based on the OSS compliance analyses, wherein the comprehensive report (R5) includes a final attribute for each of the one or more OSS components in the product indicative of compliance with the attributes of each of the one or more OSS components comprised therein (218); and
  
  adaptively learning the one or more OSS components and the attributes associated thereof comprised in the comprehensive report (R5) and updating the second OSS database (DB2) (220).
- View Dependent Claims (2, 3, 4, 5)
- - 2. The processor implemented method of claim 1, wherein at least the second OSS database (DB2) has a pre-defined format comprising the attributes including OSS component name, OSS component version, OSS component home page URL, OSS component license type, OSS component license URL, OSS component attribution note, license usage type, commercial distribution permission, OSS component compile permission, license compatibility with the OSS component license type associated with other OSS components comprised in the product or compatibility with proprietary license.
  - 3. The processor implemented method of claim 2 further comprising generating one or more reports (222) comprising:
    - a first report (R1) pertaining to the one or more unidentified components;
      
      a second report (R2) pertaining to the one or more OSS components in the product having the strong copyleft license;
      
      a third report (R3) pertaining to the one or more OSS components in the product having the weak copyleft license; and
      
      a fourth report (R4) pertaining to the one or more OSS components in the product having the permissive license.
  - 4. The processor implemented method of claim 3, wherein the one or more pre-defined rules comprise:
    - rejecting an OSS component if associated with the strong copy left license;
      
      approving an OSS component for inclusion in the second OSS database (DB2) if associated with the weak copy left license and the OSS usage type is one of the library not compiled with the product or the file not compiled with the product;
      
      rejecting an OSS component if associated with the weak copy left license and the OSS usage type is one of the library compiled with the product or the file compiled with the product;
      
      rejecting an OSS component if associated with the weak copy left license and the OSS usage type is the snippet; and
      
      approving an OSS component for inclusion in the second OSS database (DB2) if associated with the permissive license and the OSS usage is one of the library, the snippet or the file.
  - 5. The processor implemented method of claim 4, wherein generating the comprehensive report (R5) comprises:
    - combining the first report (R1), the second report (R2), the third report (R3) and the fourth report (R4); and
      
      computing the final attribute wherein the final attribute is “
      
      Y”
      
      or “
      
      N”
      
      for each of the one or more OSS components in the product based on the one or more pre-defined rules corresponding to approving or rejecting of the OSS component respectively and wherein a “
      
      Y”
      
      for all of the one or more OSS components in the product is indicative of compliance with the attributes of each of the one or more OSS components comprised therein.

6. A system comprising:
- one or more data storage devices (102) operatively coupled to one or more hardware processors (104) and configured to store instructions configured for execution by the one or more hardware processors to;
  
  receive, a product embedded with one or more Open Source Software (OSS) components;
  
  compare each of the one or more OSS components in the product with OSS components available in the public domain and comprised in a first OSS database (DB1) to identify one or more matches therebetween based on attributes associated thereof;
  
  categorize, the one or more OSS components in the product having a match with the OSS components available in the first OSS database (DB1) as (i) OSS components having a strong copyleft license, (ii) OSS components having a permissive license or (iii) OSS components having a weak copyleft;
  
  identify a usage type for the one or more OSS components in the product categorized as having the weak copyleft license and the permissive license, wherein the license usage type is one of a snippet, a file or a library and wherein the library is further identified as one of a library-executable or a library-binary;
  
  identify as one or more unidentified components, the one or more OSS components in the product having no match with the OSS components available in the first OSS database (DB1) or having a match but characterized by at least one missing attribute;
  
  periodically compare the one or more unidentified components with the OSS components in the first OSS database (DB1) to identify one or more new matches based on continual updation of OSS components available in the public domain;
  
  update a second OSS database (DB2) comprising at least some of the one or more OSS components in the product having the one or more matches, the one or more new matches, the one or more unidentified components categorized as one or more proprietary components and OSS components previously available in the public domain;
  
  perform an OSS compliance analyses for the one or more OSS components in the product based on the usage type, the attributes associated thereof comprised in the second OSS database (DB2) and one or more pre-defined rules;
  
  generate a comprehensive report (R5) based on the OSS compliance analyses, wherein the comprehensive report (R5) includes a final attribute for each of the one or more OSS components in the product indicative of compliance with the attributes of each of the one or more OSS components comprised therein; and
  
  adaptively learn the one or more OSS components and the attributes associated thereof comprised in the comprehensive report (R5) and update the second OSS database (DB2).
- View Dependent Claims (7, 8, 9, 10)
- - 7. The system of claim 6, wherein at least the second OSS database (DB2) has a pre-defined format comprising the attributes including OSS component name, OSS component version, OSS component home page URL, OSS component license type, OSS component license URL, OSS component attribution note, license usage type, commercial distribution permission, OSS component compile permission, license compatibility with the OSS component license type associated with other OSS components comprised in the product or compatibility with proprietary license.
  - 8. The system of claim 7, wherein the one or more hardware processors are further configured to generate one or more reports comprising:
    - a first report (R1) pertaining to the one or more unidentified components;
      
      a second report (R2) pertaining to the one or more OSS components in the product having the strong copyleft license;
      
      a third report (R3) pertaining to the one or more OSS components in the product having the weak copyleft license; and
      
      a fourth report (R4) pertaining to the one or more OSS components in the product having the permissive license.
  - 9. The system of claim 8, wherein the one or more pre-defined rules comprise:
    - rejecting an OSS component if associated with the strong copy left license;
      
      approving an OSS component for inclusion in the second OSS database (DB2) if associated with the weak copy left license and the OSS usage type is one of the library not compiled with the product or the file not compiled with the product;
      
      rejecting an OSS component if associated with the weak copy left license and the OSS usage type is one of the library compiled with the product or the file compiled with the product;
      
      rejecting an OSS component if associated with the weak copy left license and the OSS usage type is the snippet; and
      
      approving an OSS component for inclusion in the second OSS database (DB2) if associated with the permissive license and the OSS usage is one of the library, the snippet or the file.
  - 10. The system of claim 9, wherein the one or more hardware processors are further configured to generate the comprehensive report (R5) by:
    - combining the first report (R1), the second report (R2), the third report (R3) and the fourth report (R4); and
      
      computing the final attribute wherein the final attribute is “
      
      Y”
      
      or “
      
      N”
      
      for each of the one or more OSS components in the product based on the one or more pre-defined rules corresponding to approving or rejecting of the OSS component respectively and wherein a “
      
      Y”
      
      for all of the one or more OSS components in the product is indicative of compliance with the attributes of each of the one or more OSS components comprised therein.

11. A computer program product comprising a non-transitory computer readable medium having a computer readable program embodied therein, wherein the computer readable program, when executed on a computing device, causes the computing device to:
- receive, a product embedded with one or more Open Source Software (OSS) components;
  
  compare each of the one or more OSS components in the product with OSS components available in the public domain and comprised in a first OSS database (DB1) to identify one or more matches therebetween based on attributes associated thereof;
  
  categorize, the one or more OSS components in the product having a match with the OSS components available in the first OSS database (DB1) as (i) OSS components having a strong copyleft license, (ii) OSS components having a permissive license or (iii) OSS components having a weak copyleft;
  
  identify a usage type for the one or more OSS components in the product categorized as having the weak copyleft license and the permissive license, wherein the license usage type is one of a snippet, a file or a library and wherein the library is further identified as one of a library-executable or a library-binary;
  
  identify as one or more unidentified components, the one or more OSS components in the product having no match with the OSS components available in the first OSS database (DB1) or having a match but characterized by at least one missing attribute;
  
  periodically compare the one or more unidentified components with the OSS components in the first OSS database (DB1) to identify one or more new matches based on continual updation of OSS components available in the public domain;
  
  update a second OSS database (DB2) comprising at least some of the one or more OSS components in the product having the one or more matches, the one or more new matches, the one or more unidentified components categorized as one or more proprietary components and OSS components previously available in the public domain;
  
  perform an OSS compliance analyses for the one or more OSS components in the product based on the usage type, the attributes associated thereof comprised in the second OSS database (DB2) and one or more pre-defined rules;
  
  generate a comprehensive report (R5) based on the OSS compliance analyses, wherein the comprehensive report (R5) includes a final attribute for each of the one or more OSS components in the product indicative of compliance with the attributes of each of the one or more OSS components comprised therein; and
  
  adaptively learn the one or more OSS components and the attributes associated thereof comprised in the comprehensive report (R5) and update the second OSS database (DB2).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
TATA Consultancy Services Limited (Tata Sons Pvt Ltd.)
Original Assignee
TATA Consultancy Services Limited (Tata Sons Pvt Ltd.)
Inventors
SAHOO, Subhranshu Kumar, SETHI, Sarjinder Singh, PANDA, Prasanta, RAMAVARMA, Anjusree, BASHEER, Shajeer Kootala

Granted Patent

US 11,816,190 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/105   Arrangements for software l...

G06F 8/71   Version control security ar...

G06F 8/75   Structural analysis for pro...

SYSTEMS AND METHODS TO ANALYZE OPEN SOURCE COMPONENTS IN SOFTWARE PRODUCTS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

34 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS TO ANALYZE OPEN SOURCE COMPONENTS IN SOFTWARE PRODUCTS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links