CliffsNotes for Open Source Licensing

Apr 11, 2022 | IT Thought Leadership

The Complexity of Open Source Licensing

Organizations everywhere are adopting open-source software components at a high rate within their custom-built software applications to speed up the development process. However, this introduces risks, such as the legal implications of the license attached to each open source component, which governs how the component can be used legally. The legal requirements of these licenses can be complex and confusing for individuals without expertise in intellectual property law. What if there were an easier way to interpret the requirements of an open source license without needing a degree in intellectual property law?

If you grew up and attended school in the United States in the last few decades, you may be very familiar with CliffsNotes. These brief “study guides” summarized literary works to help students better understand the material. There are pros and cons to using CliffsNotes, but they have been hugely successful with students for many years. In the latest product release of CAST Highlight, we introduced the Open Source Licensing Rulebook to help interpret open source license requirements. We like to think of it as the “CliffsNotes” for open source licensing.

The Popularity of CliffsNotes

CliffsNotes started way back in 1958 to initially help students better understand works by William Shakespeare. As many of us know, when reading a Shakespeare work for the first time, the language can be quite confusing and difficult to interpret. It’s kind of like reading a story written in the form of a poem that requires constant interpretation by the reader. CliffsNotes helped us better understand works that may have been confusing to read (such as Shakespeare) by summarizing the story in more commonly understood language and sometimes explaining the deeper meaning of key parts of the story. They are designed to be used as a supplement for reading the original work, not a replacement. But many teachers discouraged using CliffsNotes because they felt students would use them alone and never read the original work. This would often get students into trouble because teachers would intentionally ask questions on tests about the material that could only be answered accurately if the entire original work was read and understood. This never happened to me personally, but I remember hearing about it from friends.

This is a great metaphor for the latest capability released in CAST Highlight, the Open Source License Rulebook, which performs a function similar to CliffsNotes. However, instead of helping someone better understand and interpret a literary work, it does this for the legal text of an open source software license.

Demystifying Open Source Licensing

The CAST Highlight Open Source License Rulebook is a new capability built directly into the user interface of the product. When viewing an open source component and its associated license(s), the user can click on a license name to bring up the rulebook. The rulebook includes the license text itself (i.e., the original literary work), which is often written using a lot of legal language and terminology that can be confusing and misleading to individuals without experience interpreting intellectual property law (i.e., most of us). The rulebook also automatically interprets the text of an open source component license and breaks it down into easy-to-understand requirements such as:

  • What the license allows (e.g., modification of the software)
  • What the license does not allow (e.g., commercial distribution of the modified work)
  • What users of the component must do (e.g., include the original copyright notice with all derivative works)
  • What additional properties exist in the license (if any) (e.g., FAQs about the component)

This information is presented in a user-friendly, color-coded screen viewable directly in the CAST Highlight user interface. When new licenses are detected, CAST Highlight will automatically generate the new rulebook without any need for user intervention.

GNU General Public License v3.0 only (GPL-3.0)

Learn more about how this capability works in detail here. CAST has also published a comprehensive Open Source License Reference Guide that aggregates the rulebooks of open source components into a single document, available as a free download.

Similar to CliffsNotes, the CAST Highlight Open Source License Rulebook is designed to be used as a supplement to the actual license text itself and act as a guide for users. However, it should not be used in isolation and never as a replacement for review by an intellectual property legal expert.

Check out this and the other new capabilities in the Spring 2022 release of CAST Highlight which you can learn more about below.

What’s new in CAST Highlight?

Open Source License Rulebook

Easily understand legal requirements of OSS licenses directly in the CAST Highlight UI including a summary of permissions and constraints along with the actual license text.

Automatic Notification of New Component Vulnerabilities

Shorten the time to mitigate security risks by getting automated email notifications from CAST Highlight about newly reported vulnerabilities across an application portfolio.

SBOM Improvements (export for legal teams and CycloneDX support)

Consume SBOM data from CAST Highlight with more flexibility using the new legal-focused Word export option and support for the CycloneDX standard.

Copyright detection for 3rd Party / Open Source Components

View open source component copyright details automatically in CAST Highlight to generate attribution notices as part of the Bill of Materials.

C/C++ CloudReady Support

Better plan cloud migrations for C/C++ applications using 19 new CloudReady patterns for detecting Blockers and Boosters.

CloudReady Blocker Exclusions

Improve the accuracy of Cloud Readiness planning by excluding cloud migration Blockers directly in the CAST Highlight UI in scenarios where the Blocker is being addressed outside of the application code and should not negatively impact the application’s CloudReady score calculation.

Many other feature improvements

The product team also took the opportunity with this new version to introduce many additional feature improvements to increase ease of use such as: performance improvements of some dashboards, UX improvements of the SCA browser extension, and much more.