FOSS-chain: using blockchain for Open Source Software license compliance
This program is tentative and subject to change.
Open Source Software (OSS) is widely used and accompanied by licenses that state the terms under which the software is provided for use, including rules for modification and distribution. Ensuring that users respect OSS license terms when creating derivative works is a complex process, and compliance issues arising from incompatibilities among licenses may even lead to legal disputes. At the same time, blockchain technology, with its immutable entries, offers a mechanism to provide transparency in licensing and to ensure that software changes are recorded. In this work, we introduce such an integration in order to tackle the issue of OSS license compatibility. We have designed, implemented and evaluated FOSS-chain, a web platform that uses blockchain and automates the license compliance process, supporting 14 OSS licenses. We have evaluated the initial prototype version of the FOSS-chain platform via a small-scale user study. Our preliminary results demonstrate the ease of use of the system and its potential for adoption on realistic software systems.
Wed 3 Dec (displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna)
11:30 - 13:00 | Software Composition, Compliance, and Security (Research Papers / Short Papers and Posters / Industry Papers) at Room 1

| Time | Length | Title | Track | Authors |
|---|---|---|---|---|
| 11:30 | 15m talk | AI Alignment for Ethical Compliance and Risk Mitigation in Industrial Applications | Research Papers | Rushali Gupta (Lund University), Qunying Song (University College London), Matthias Wagner (Lund University), Emelie Engstrom (Lund University), Emma Söderberg (Lund University), Markus Borg (CodeScene), Per Runeson (Lund University) |
| 11:45 | 15m talk | FOSS-chain: using blockchain for Open Source Software license compliance | Research Papers | Kypros Iacovou (University of Cyprus), Georgia Kapitsaki (University of Cyprus), Evangelia Vanezi (University of Cyprus) |
| 12:00 | 15m talk | Pipelines Under Pressure: An Empirical Study of Security Misconfigurations of GitHub Workflows | Research Papers | Edoardo Riggio (Software Institute - USI, Lugano), Cesare Pautasso (Software Institute, Faculty of Informatics, USI Lugano) |
| 12:15 | 15m talk | Policy-driven Software Bill of Materials on GitHub: An Empirical Study | Research Papers | Oleksii Novikov (Blekinge Institute of Technology), Davide Fucci (Blekinge Institute of Technology), Oleksandr Adamov (Blekinge Institute of Technology), Daniel Mendez (Blekinge Institute of Technology and fortiss) |
| 12:30 | 10m talk | Cross-Domain Evaluation of Transformer-Based Vulnerability Detection on Open & Industry Data | Industry Papers | Moritz Mock (Free University of Bozen-Bolzano), Thomas Forrer (Wurth Phoenix S.r.l.), Barbara Russo (Free University of Bolzano) |
| 12:40 | 7m talk | Detecting and Characterizing Low and No Functionality Packages in the NPM Ecosystem | Short Papers and Posters | Napasorn Tevarut (Kasetsart University), Brittany Reid (Nara Institute of Science and Technology), Yutaro Kashiwa (Nara Institute of Science and Technology), Pattara Leelaprute (Kasetsart University), Arnon Rungsawang (Kasetsart University), Bundit Manaskasemsak (Kasetsart University), Hajimu Iida (Nara Institute of Science and Technology) |
| 12:47 | 7m talk | An Empirical Study of Security-Policy Related Issues in Open Source Projects | Short Papers and Posters | Rintaro Kanaji (Nara Institute of Science and Technology), Brittany Reid (Nara Institute of Science and Technology), Yutaro Kashiwa (Nara Institute of Science and Technology), Raula Gaikovina Kula (The University of Osaka), Hajimu Iida (Nara Institute of Science and Technology) |