Software code analysis and classification system and method

US 8,359,655 B1
Filed: 10/01/2009
Issued: 01/22/2013
Est. Priority Date: 10/03/2008
Status: Active Grant

First Claim

Patent Images

1. A method for analyzing source code for the existence of a licensing condition to provide a classification, comprising:

storing source code and license information in a datastore, the source code having a license associated therewith and the license information including a classification of each license stored in the datastore, the classifications of the licenses being based on an attribute of the licenses, wherein the classifications define at least one term or condition associated with each class of licenses;

receiving input software code to be analyzed for the at least one term or condition;

parsing the input software code to determine if a portion of the input software code matches source code in the datastore;

determining licenses associated with the portions of the input software code that match the source code to ascertain classifications of the licenses, the classification of the licenses, comprising;

defining a first class wherein there is no requirement that derivative works use the same open source license as original code from which it is derived;

defining a second class wherein derivative works that contain code from the original code from which it is derived must be licensed with the same license, but however, files that do not contain the original code may be licensed in any manner; and

defining a third class wherein any file that is combined with the original code must be licensed under the same license as the original code; and

generating an output report containing the classifications for the input software code.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods for scanning software for the existence of a licensing condition. Software may be uploaded, scanned and compared against known software stored in a datastore. If the uploaded software matches known software in the datastore, a license associated with the known software may be determined. The license may have information associated with it, such as a classification based on risk and obligations. The classification of the license, as well as the obligation information may be returned as a report to a requester that uploaded software to easily identify the risks associated with incorporating the software into a larger code base or project.

Citations

18 Claims

1. A method for analyzing source code for the existence of a licensing condition to provide a classification, comprising:
- storing source code and license information in a datastore, the source code having a license associated therewith and the license information including a classification of each license stored in the datastore, the classifications of the licenses being based on an attribute of the licenses, wherein the classifications define at least one term or condition associated with each class of licenses;
  
  receiving input software code to be analyzed for the at least one term or condition;
  
  parsing the input software code to determine if a portion of the input software code matches source code in the datastore;
  
  determining licenses associated with the portions of the input software code that match the source code to ascertain classifications of the licenses, the classification of the licenses, comprising;
  
  defining a first class wherein there is no requirement that derivative works use the same open source license as original code from which it is derived;
  
  defining a second class wherein derivative works that contain code from the original code from which it is derived must be licensed with the same license, but however, files that do not contain the original code may be licensed in any manner; and
  
  defining a third class wherein any file that is combined with the original code must be licensed under the same license as the original code; and
  
  generating an output report containing the classifications for the input software code.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising defining the classifications of the licenses based on an attribute of the licenses that applies to a population of licenses stored in the datastore.
  - 3. The method of claim 1, wherein the attribute is a requirement to make derivative works of licensed software free to third parties.
  - 4. The method of claim 1, further comprising determining obligations associated with the licenses, wherein the obligations include one of attribution requirements and a waiver of warranty.
  - 5. The method of claim 4, further comprising generating the output report containing the obligations.
  - 6. The method of claim 1, further comprising:
    - providing a user interface to a client device, the user interface enabling a definition of risks and classifications of licenses; and
      
      updating the datastore in accordance with the definition.
  - 7. The method of claim 1, further comprising:
    - receiving the source code and the license information from third party sources; and
      
      verifying the source code and the license information for population into the datastore.
  - 8. The method of claim 7, wherein the third party sources comprise one of developers, software repositories and licensing entities.
  - 9. The method of claim 1, further comprising integrating the method of analyzing source code with a software configuration management tool.

10. A method of managing a software codebase, comprising:
- indentifying a software object to be included or included within the software codebase;
  
  determining if the software object is subject to a restriction;
  
  analyzing the software object to classify the software object into a category, the category being determined in accordance with;
  
  a first class wherein there is no requirement that derivative works use the same open source license as original code from which it is derived;
  
  a second class wherein derivative works that contain code from the original code from which it is derived must be licensed with the same license, but however, files that do not contain the original code may be licensed in any manner; and
  
  a third class wherein any file that is combined with the original code must be licensed under the same license as the original code;
  
  determining a use of the software object in accordance with a policy; and
  
  determining compliance actions based on the category or the policy.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The method of claim 10, further comprising determining the category in accordance with at least one of the following:
    - a license term or condition, a company policy, an industry standard, a community standard, and a government regulation.
  - 12. The method of claim 10, further comprising:
    - determining obligations based on the policy or the category; and
      
      for a permitted use of the software object, implementing the compliance actions such that usage and maintenance of the software object is documented and attribution requirement is satisfied.
  - 13. The method of claim 10, further comprising:
    - defining the categories based on risks and obligations associated with a license associated with the software object; and
      
      automatically generating the compliance actions from the categories.
  - 14. The method of claim 13, further comprising:
    - providing a self-help interface to enable the software object to be submitted to a software recognition engine for analysis; and
      
      integrating the method of managing the software codebase with a software management configuration tool.
  - 15. The method of claim 13, further comprising:
    - populating a datastore with source code and license information, the license information including the category of each license stored in the datastore;
      
      comparing the software object against the source code and the license information stored in the datastore; and
      
      determining the category based on the comparing step.

16. A non-transitory computer readable medium having a program for analyzing software code, the program when executed by a computing device performing the steps of:
- defining code and associated code information in a datastore, the code information including a category of licenses stored in the datastore, the category defining terms and conditions associated with each license, the category being further determined in accordance with;
  
  a first class wherein there is no requirement that derivative works use the same open source license as original code from which it is derived;
  
  a second class wherein derivative works that contain code from the original code from which it is derived must be licensed with the same license, but however, files that do not contain the original code may be licensed in any manner; and
  
  a third class wherein any file that is combined with the original code must be licensed under the same license as the original code;
  
  receiving an input to be analyzed for a licensing terms and conditions;
  
  determining if a portion of the input matches known code or code information in the datastore; and
  
  generating an output report based on the determining step.
- View Dependent Claims (17, 18)
- - 17. The non-transitory computer readable medium of claim 16, further comprising instructions that when executed by the computing device determining obligations associated with the category of each license, wherein the obligations define license restrictions and attribution requirements.
  - 18. The non-transitory computer readable medium of claim 16, further comprising instructions that when executed by the computing device:
    - receive the code and the code information from third party sources; and
      
      verify the code and license information for population into the datastore; and
      
      integrate with a software management configuration tool.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Andrew T. Pham
Original Assignee
Andrew T. Pham
Inventors
Pham, Andrew T.
Primary Examiner(s)
Arani, Taghi
Assistant Examiner(s)
Mehedi, Morshed

Application Number

US12/572,215
Time in Patent Office

1,209 Days
Field of Search

726/26, 705/59
US Class Current

726/26
CPC Class Codes

G06F 21/10 Protecting distributed prog...

G06F 21/12 Protecting executable software

Software code analysis and classification system and method

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Software code analysis and classification system and method

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links