Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

"The Law Doesn't Work Like a Computer": Exploring Software Licensing Issues Faced by Legal Practitioners

Nathan Wintersgill, Trevor Stalnaker, Laura A. Heymann, Oscar Chaparro, Denys Poshyvanyk

TL;DR

This paper addresses the challenge of OSS license compliance from the perspective of legal practitioners, a largely underexplored viewpoint in software engineering. Using a mixed-methods approach—an online survey of 30 practitioners and 16 follow-up interviews—the authors identify 14 key findings spanning the OSS licensing ecosystem, compliance processes, and the challenges practitioners face. They reveal a reliance on OSI licenses to minimize proliferation, the common but imperfect use of tooling, and the central role of developers complemented by OSPOs, with governance influenced by community norms due to limited court guidance. The authors argue for integrated, ongoing compliance embedded in development workflows, improved tooling, robust provenance tracking, and stronger collaboration between legal and engineering teams to reduce risk and accelerate compliant software delivery.

Abstract

Most modern software products incorporate open source components, which requires compliance with each component's licenses. As noncompliance can lead to significant repercussions, organizations often seek advice from legal practitioners to maintain license compliance, address licensing issues, and manage the risks of noncompliance. While legal practitioners play a critical role in the process, little is known in the software engineering community about their experiences within the open source license compliance ecosystem. To fill this knowledge gap, a joint team of software engineering and legal researchers designed and conducted a survey with 30 legal practitioners and related occupations and then held 16 follow-up interviews. We identified different aspects of OSS license compliance from the perspective of legal practitioners, resulting in 14 key findings in three main areas of interest: the general ecosystem of compliance, the specific compliance practices of legal practitioners, and the challenges that legal practitioners face. We discuss the implications of our findings.

"The Law Doesn't Work Like a Computer": Exploring Software Licensing Issues Faced by Legal Practitioners

TL;DR

This paper addresses the challenge of OSS license compliance from the perspective of legal practitioners, a largely underexplored viewpoint in software engineering. Using a mixed-methods approach—an online survey of 30 practitioners and 16 follow-up interviews—the authors identify 14 key findings spanning the OSS licensing ecosystem, compliance processes, and the challenges practitioners face. They reveal a reliance on OSI licenses to minimize proliferation, the common but imperfect use of tooling, and the central role of developers complemented by OSPOs, with governance influenced by community norms due to limited court guidance. The authors argue for integrated, ongoing compliance embedded in development workflows, improved tooling, robust provenance tracking, and stronger collaboration between legal and engineering teams to reduce risk and accelerate compliant software delivery.

Abstract

Most modern software products incorporate open source components, which requires compliance with each component's licenses. As noncompliance can lead to significant repercussions, organizations often seek advice from legal practitioners to maintain license compliance, address licensing issues, and manage the risks of noncompliance. While legal practitioners play a critical role in the process, little is known in the software engineering community about their experiences within the open source license compliance ecosystem. To fill this knowledge gap, a joint team of software engineering and legal researchers designed and conducted a survey with 30 legal practitioners and related occupations and then held 16 follow-up interviews. We identified different aspects of OSS license compliance from the perspective of legal practitioners, resulting in 14 key findings in three main areas of interest: the general ecosystem of compliance, the specific compliance practices of legal practitioners, and the challenges that legal practitioners face. We discuss the implications of our findings.
Paper Structure (27 sections, 1 figure, 2 tables)

This paper contains 27 sections, 1 figure, 2 tables.

Table of Contents

  1. Introduction
  2. Background
  3. Study Design
  4. Survey Design and Participant Identification
  5. Survey Response Collection and Analysis
  6. Interview Design and Analysis
  7. Results
  8. RQ1: The Ecosystem of OSS License Compliance Experienced by Legal Practitioners
  9. License Selection and Proliferation
  10. License Exceptions
  11. Licensing Changes and Multi-licensing
  12. License Violations
  13. License Enforcement and Dispute Resolution
  14. RQ2: The Process of OSS License Compliance from a Legal Perspective
  15. When Compliance is Done
  16. ...and 12 more sections

Figures (1)

  • Figure :