{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,20]],"date-time":"2026-02-20T12:29:19Z","timestamp":1771590559041,"version":"3.50.1"},"reference-count":89,"publisher":"Association for Computing Machinery (ACM)","issue":"FSE","license":[{"start":{"date-parts":[[2024,7,12]],"date-time":"2024-07-12T00:00:00Z","timestamp":1720742400000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"NSF","doi-asserted-by":"publisher","award":["2217733"],"award-info":[{"award-number":["2217733"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Proc. ACM Softw. Eng."],"published-print":{"date-parts":[[2024,7,12]]},"abstract":"Most modern software products incorporate open source components, which requires compliance with each component\u2019s licenses. As noncompliance can lead to significant repercussions, organizations often seek advice from legal practitioners to maintain license compliance, address licensing issues, and manage the risks of noncompliance. While legal practitioners play a critical role in the process, little is known in the software engineering community about their experiences within the open source license compliance ecosystem. To fill this knowledge gap, a joint team of software engineering and legal researchers designed and conducted a survey with 30 legal practitioners and related occupations and then held 16 follow-up interviews. We identified different aspects of OSS license compliance from the perspective of legal practitioners, resulting in 14 key findings in three main areas of interest: the general ecosystem of compliance, the specific compliance practices of legal practitioners, and the challenges that legal practitioners face. We discuss the implications of our findings.<\/jats:p>","DOI":"10.1145\/3643766","type":"journal-article","created":{"date-parts":[[2024,7,12]],"date-time":"2024-07-12T10:22:09Z","timestamp":1720779729000},"page":"882-905","source":"Crossref","is-referenced-by-count":6,"title":["\u201cThe Law Doesn\u2019t Work Like a Computer\u201d: Exploring Software Licensing Issues Faced by Legal Practitioners"],"prefix":"10.1145","volume":"1","author":[{"ORCID":"https:\/\/orcid.org\/0009-0006-2123-7412","authenticated-orcid":false,"given":"Nathan","family":"Wintersgill","sequence":"first","affiliation":[{"name":"William & Mary, Williamsburg, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-6000-4227","authenticated-orcid":false,"given":"Trevor","family":"Stalnaker","sequence":"additional","affiliation":[{"name":"William & Mary, Williamsburg, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9258-2105","authenticated-orcid":false,"given":"Laura A.","family":"Heymann","sequence":"additional","affiliation":[{"name":"William & Mary, Williamsburg, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2838-685X","authenticated-orcid":false,"given":"Oscar","family":"Chaparro","sequence":"additional","affiliation":[{"name":"William & Mary, Williamsburg, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5626-7586","authenticated-orcid":false,"given":"Denys","family":"Poshyvanyk","sequence":"additional","affiliation":[{"name":"William & Mary, Williamsburg, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2024,7,12]]},"reference":[{"key":"e_1_3_1_2_2","unstructured":"[n. d.]. The 3-Clause BSD License. https:\/\/opensource.org\/license\/bsd-3-clause\/. Accessed: 2023-14-09."},{"key":"e_1_3_1_3_2","unstructured":"[n. d.]. BlackDuck Software Composition Analysis. https:\/\/www.synopsys.com\/software-integrity\/security-testing\/software-composition-analysis.html. Accessed: 2023-27-09."},{"key":"e_1_3_1_4_2","unstructured":"[n. d.]. FOSSology. https:\/\/www.fossology.org\/. Accessed: 2023-27-09."},{"key":"e_1_3_1_5_2","unstructured":"[n. d.]. Free Software Foundation. https:\/\/www.fsf.org\/. Accessed: 2023-20-09."},{"key":"e_1_3_1_6_2","unstructured":"[n. d.]. Frequently Asked Questions about the GNU Licenses. https:\/\/www.gnu.org\/licenses\/gpl-faq.html. Accessed: 2023-26-09."},{"key":"e_1_3_1_7_2","unstructured":"[n. d.]. GitHub. https:\/\/github.com\/. Accessed: 2023-20-09."},{"key":"e_1_3_1_8_2","unstructured":"[n. d.]. GNU General Public License version 3. https:\/\/opensource.org\/license\/gpl-3-0\/. Accessed: 2023-14-09."},{"key":"e_1_3_1_9_2","unstructured":"[n. d.]. GNU Lesser General Public License version 2.1. https:\/\/opensource.org\/license\/lgpl-2-1\/. Accessed: 2023-14-09."},{"key":"e_1_3_1_10_2","unstructured":"[n. d.]. Hacker News. https:\/\/news.ycombinator.com\/. Accessed: 2023-25-09."},{"key":"e_1_3_1_11_2","unstructured":"[n. d.]. MIT License. https:\/\/opensource.org\/license\/mit\/. Accessed: 2023-14-09."},{"key":"e_1_3_1_12_2","unstructured":"[n. d.]. Open Source Initiative. https:\/\/opensource.org\/. Accessed: 2023-20-09."},{"key":"e_1_3_1_13_2","unstructured":"[n. d.]. ScanCode Toolkit. https:\/\/github.com\/nexB\/scancode-toolkit. Accessed: 2023-27-09."},{"key":"e_1_3_1_14_2","unstructured":"1992. U.S. Court of Appeals for the Ninth Circuit Lewis Galoob Toys Inc. v. Nintendo of America Inc. 964 F.2d 965."},{"key":"e_1_3_1_15_2","unstructured":"2006. Report of License Proliferation Committee and draft FAQ. https:\/\/opensource.org\/proliferation-report\/. Accessed: 2023-20-09."},{"key":"e_1_3_1_16_2","unstructured":"2011. VLC engine relicensed to LGPL. https:\/\/www.videolan.org\/press\/lgpl-libvlc.html. Accessed: 2023-20-09."},{"key":"e_1_3_1_17_2","unstructured":"2019. MySQL-MariaDB History talk. https:\/\/mariadb.org\/wp-content\/uploads\/2019\/11\/MySQL-MariaDB-story.pdf. Accessed: 2023-27-09."},{"key":"e_1_3_1_18_2","unstructured":"2021. Copyright Registration of Computer Programs. https:\/\/www.copyright.gov\/circs\/circ61.pdf. Accessed: 2023-2509."},{"key":"e_1_3_1_19_2","unstructured":"2021. U.S. Code Title 17 Section 106. https:\/\/www.govinfo.gov\/app\/details\/USCODE-2021-title17\/USCODE-2021-title17-chap1-sec106\/summary. Accessed: 2023-25-09."},{"key":"e_1_3_1_20_2","unstructured":"2023. HashiCorp\u2019s Licensing Change is only the Latest Challenge to Open Source. https:\/\/thenewstack.io\/hashicorp-abandons-open-source-for-business-source-license\/. Accessed: 2023-20-09."},{"key":"e_1_3_1_21_2","unstructured":"2023. Open Source Security and Risk Analysis report. https:\/\/www.synopsys.com\/content\/dam\/synopsys\/sig-assets\/reports\/rep-ossra-2023.pdf. Accessed: 2023-14-09."},{"key":"e_1_3_1_22_2","unstructured":"2023. The 2023 Am Law 100. https:\/\/www.law.com\/americanlawyer\/am-law-100\/."},{"key":"e_1_3_1_23_2","unstructured":"2024. OSI Approved Licenses. https:\/\/opensource.org\/licenses\/. Accessed: 2024-20-02."},{"key":"e_1_3_1_24_2","unstructured":"2024. SPDX License List. https:\/\/spdx.org\/licenses\/. Accessed: 2024-20-02."},{"key":"e_1_3_1_25_2","unstructured":"[n.d.]. Qualtrics. https:\/\/www.qualtrics.com\/. Accessed: 2023-21-06."},{"key":"e_1_3_1_26_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.25"},{"key":"e_1_3_1_27_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICPC.2017.7"},{"key":"e_1_3_1_28_2","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-018-9614-9"},{"key":"e_1_3_1_29_2","doi-asserted-by":"publisher","DOI":"10.1109\/SANER.2017.7884629"},{"key":"e_1_3_1_30_2","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2019.2907766"},{"key":"e_1_3_1_31_2","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-018-9650-5"},{"key":"e_1_3_1_32_2","unstructured":"Mahak Bandi. 2019. All About Open Source Licenses. https:\/\/fossa.com\/blog\/what-do-open-source-licenses-even-mean\/. Accessed: 2023-24-09."},{"key":"e_1_3_1_33_2","doi-asserted-by":"publisher","DOI":"10.1007\/s10961-023-09993-x"},{"key":"e_1_3_1_34_2","unstructured":"Thomas Claburn. 2022. GPL legal battle: Vizio told by judge it will have to answer breach-of-contract claims. https:\/\/www.theregister.com\/2022\/05\/16\/vizio_gpl_contract\/. Accessed: 2023-14-09."},{"key":"e_1_3_1_35_2","unstructured":"Thomas Claburn. 2023. John Deere urged to surrender source code under GPL. https:\/\/www.theregister.com\/2023\/03\/17\/john_deere_sfc_gpl\/. Accessed: 2023-14-09."},{"key":"e_1_3_1_36_2","doi-asserted-by":"publisher","DOI":"10.1145\/1721654.1721667"},{"key":"e_1_3_1_37_2","doi-asserted-by":"publisher","unstructured":"Massimiliano Di Penta Daniel M German Yann-Gael Gueheneuc and Giuliano Antoniol. 2010. An exploratory study of the evolution of software licensing. In Proceedings of the 32nd ACM\/IEEE International Conference on Software Engineering-Volume 1. 145-154. https:\/\/doi.org\/10.1145\/1806799.1806824 10.1145\/1806799.1806824.","DOI":"10.1145\/1806799.1806824"},{"key":"e_1_3_1_38_2","doi-asserted-by":"publisher","DOI":"10.1109\/SANER.2019.8667977"},{"key":"e_1_3_1_39_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.31"},{"key":"e_1_3_1_40_2","doi-asserted-by":"publisher","DOI":"10.1007\/s10796-009-9180-1"},{"key":"e_1_3_1_41_2","doi-asserted-by":"publisher","DOI":"10.1109\/MS.2012.50"},{"key":"e_1_3_1_42_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICPC.2010.48"},{"key":"e_1_3_1_43_2","doi-asserted-by":"publisher","DOI":"10.1109\/MSR.2009.5069483"},{"key":"e_1_3_1_44_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2009.5070520"},{"key":"e_1_3_1_45_2","unstructured":"Rishab Aiyer Ghosh. 2007. Economic impact of open source software on innovation and the competitiveness of the Information and Communication Technologies (ICT) sector in the EU. https:\/\/www.semanticscholar.org\/paper\/Economic-impact-of-open-source-software-on-and-the-Ghosh\/4f0469c3702f5a22176265c72d0d764bc0447774"},{"key":"e_1_3_1_46_2","doi-asserted-by":"publisher","unstructured":"Yaroslav Golubev Maria Eliseeva Nikita Povarov and Timofey Bryksin. 2020. A Study of Potential Code Borrowing andLicense Violationsin Java Projects on GitHub. In Proceedings of the 17thInternational Conference on Mining Software Repositories (MSR'20). 54-64. https:\/\/doi.org\/10.1145\/3379597.3387455 10.1145\/3379597.3387455.","DOI":"10.1145\/3379597.3387455"},{"key":"e_1_3_1_47_2","unstructured":"Grant Gross. 2007. Open-source legal group strikes again on BusyBox suing Verizon. https:\/\/www.computerworld.com\/article\/2537947\/open-source-legal-group-strikes-again-on-busybox--suing-verizon.html. Accessed: 2023-14-09."},{"key":"e_1_3_1_48_2","volume-title":"Survey Methodology","author":"Groves Robert M.","year":"2009","unstructured":"Robert M. Groves, Floyd J. Jr. Fowler, Mick P. Couyper, James M. Lepkowski, Eleanor Singer, and Roger Tourangeau. 2009 Survey Methodology, Wiley, 2nd edition.","edition":"2"},{"key":"e_1_3_1_49_2","doi-asserted-by":"publisher","DOI":"10.1007\/s10506-022-09323-w"},{"key":"e_1_3_1_50_2","doi-asserted-by":"publisher","DOI":"10.1111\/j.1747-4469.2004.tb00338.x"},{"key":"e_1_3_1_51_2","doi-asserted-by":"publisher","unstructured":"Armijn Hemel Karl Trygve Kalleberg Rob Vermaas and Eelco Dolstra. 2011. Finding software license violations through binary code clone detection. In Proceedings of the 8th Working Conference on Mining Software Repositories (MSR'11). 63-72. https:\/\/doi.org\/10.1145\/1985441.1985453 10.1145\/1985441.1985453.","DOI":"10.1145\/1985441.1985453"},{"key":"e_1_3_1_52_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2019.2909021"},{"key":"e_1_3_1_53_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2016.06.064"},{"key":"e_1_3_1_54_2","doi-asserted-by":"publisher","DOI":"10.1109\/SEAA51224.2020.00022"},{"key":"e_1_3_1_55_2","doi-asserted-by":"publisher","DOI":"10.1145\/566493.566495"},{"key":"e_1_3_1_56_2","doi-asserted-by":"publisher","DOI":"10.1145\/511152.511155"},{"key":"e_1_3_1_57_2","doi-asserted-by":"publisher","DOI":"10.1145\/638574.638580"},{"key":"e_1_3_1_58_2","doi-asserted-by":"publisher","DOI":"10.1145\/571681.571686"},{"key":"e_1_3_1_59_2","doi-asserted-by":"publisher","DOI":"10.1145\/638750.638758"},{"key":"e_1_3_1_60_2","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2019.00070"},{"key":"e_1_3_1_61_2","doi-asserted-by":"publisher","DOI":"10.1109\/SEAI52285.2021.9477531"},{"key":"e_1_3_1_62_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-08129-3_6"},{"key":"e_1_3_1_63_2","doi-asserted-by":"publisher","unstructured":"Laura Manor and Junyi Jessy Li. 2019. Plain English Summarization of Contracts. arXiv preprint arXiv:1906.00424 (2019). https:\/\/doi.org\/10.48550\/arXiv.1906.00424 10.48550\/arXiv.1906.00424.","DOI":"10.48550\/arXiv.1906.00424"},{"key":"e_1_3_1_64_2","volume-title":"Open source for business: a practical guide to open source software licensing","author":"Meeker Heather","year":"2017","unstructured":"Heather Meeker 2017 Open source for business: a practical guide to open source software licensing. CreateSpace."},{"key":"e_1_3_1_65_2","doi-asserted-by":"publisher","unstructured":"Romulo Meloca Gustavo Pinto Leonardo Baiser Marco Mattos Ivanilton Polato Igor Scaliante Wiese and Daniel M German. 2018. Understanding the Usage Impact and Adoption of Non-OSI Approved Licenses. In Proceedings of the 15th International Conference on Mining Software Repositories. 270-280. https:\/\/doi.org\/10.1145\/3196398.3196427 10.1145\/3196398.3196427.","DOI":"10.1145\/3196398.3196427"},{"key":"e_1_3_1_66_2","doi-asserted-by":"publisher","DOI":"10.1145\/3473582"},{"key":"e_1_3_1_67_2","unstructured":"Ron Miller. 2023. Terraform fork gets renamed OpenTofu and joins Linux Foundation. https:\/\/techcrunch.com\/2023\/09\/20\/terraform-fork-gets-a-new-name-opentofu-and-joins-linux-foundation\/. Accessed: 2023-21-09."},{"key":"e_1_3_1_68_2","doi-asserted-by":"publisher","DOI":"10.1109\/SANER.2016.73"},{"key":"e_1_3_1_69_2","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-020-09936-2"},{"key":"e_1_3_1_70_2","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2020.3011082"},{"key":"e_1_3_1_71_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2021.111113"},{"key":"e_1_3_1_72_2","doi-asserted-by":"publisher","DOI":"10.1145\/505532.505535"},{"key":"e_1_3_1_73_2","doi-asserted-by":"publisher","DOI":"10.2197\/ipsjjip.29.296"},{"key":"e_1_3_1_74_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2019.2900307"},{"key":"e_1_3_1_75_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-981-13-7099-1_5"},{"key":"e_1_3_1_76_2","volume-title":"Card sorting: Designing usable categories","author":"Spencer Donna","year":"2009","unstructured":"Donna Spencer 2009 Card sorting: Designing usable categories. Rosenfeld Media."},{"key":"e_1_3_1_77_2","doi-asserted-by":"publisher","unstructured":"Trevor Stalnaker Nathan Wintersgill Oscar Chaparro Massimiliano Di Penta Daniel M German and Denys Poshyvanyk. 2024. BOMs Away! Inside the Minds of Stakeholders: A Comprehensive Study of Bills of Materials for Software Systems. In Proceedings of the 46th IEEE\/ACM International Conference on Software Engineering (ICSE'24). 1-13. https:\/\/doi.org\/10.1145\/3597503.3623347 10.1145\/3597503.3623347.","DOI":"10.1145\/3597503.3623347"},{"key":"e_1_3_1_78_2","doi-asserted-by":"publisher","unstructured":"Amjed Tahir Aiko Yamashita Sherlock Licorish Jens Dietrich and Steve Counsell. 2018. Can you tell me if it smells?: A study on how developers discuss code smells and anti-patterns in Stack Overflow. In Proceedings of the 22nd International Conference on Evaluation and Assessment in Software Engineering (EASE'18). 68-78. https:\/\/doi.org\/10.1145\/3210459.3210466 10.1145\/3210459.3210466.","DOI":"10.1145\/3210459.3210466"},{"key":"e_1_3_1_79_2","doi-asserted-by":"publisher","DOI":"10.1007\/s10515-009-0054-z"},{"key":"e_1_3_1_80_2","unstructured":"Ashlee Vance. 2010. The Defenders of Free Software. https:\/\/www.nytimes.com\/2010\/09\/26\/business\/26ping.html. Accessed: 2023-14-09."},{"key":"e_1_3_1_81_2","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-016-9438-4"},{"key":"e_1_3_1_82_2","doi-asserted-by":"publisher","unstructured":"Christopher Vendome Daniel M German Massimiliano Di Penta Gabriele Bavota Mario Linares-Vasquez and Denys Poshyvanyk. 2018. To Distribute or Not to Distribute? Why Licensing Bugs Matter. In Proceedings of the 40th International Conference on Software Engineering (ICSE'18). 268-279. https:\/\/doi.org\/10.1145\/3180155.3180221 10.1145\/3180155.3180221.","DOI":"10.1145\/3180155.3180221"},{"key":"e_1_3_1_83_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2017.19"},{"key":"e_1_3_1_84_2","doi-asserted-by":"publisher","unstructured":"Bart Verheij. 2017. Formalizing Arguments Rules and Cases. In Proceedings of the 16th edition of the International Conference on Artificial Intelligence and Law (ICAIL'17). 199-208. https:\/\/doi.org\/10.1145\/3086512.3086533 10.1145\/3086512.3086533.","DOI":"10.1145\/3086512.3086533"},{"key":"e_1_3_1_85_2","unstructured":"James Vincent. 2022. The lawsuit that could rewrite the rules of AI copyright. https:\/\/www.theverge.com\/2022\/11\/8\/23446821\/microsoft-openai-github-copilot-class-action-lawsuit-ai-copyright-violation-training-data. Accessed: 2023-14-09."},{"key":"e_1_3_1_86_2","doi-asserted-by":"publisher","unstructured":"Nathan Wintersgill Trevor Stalnaker Laura Heymann Oscar Chaparro and Denys Poshyvanyk. 2023. Online replication package. https:\/\/github.com\/nwintersgill\/licensing_issues_study. Most recent version at https:\/\/doi.org\/10.5281\/zenodo.10685670 10.5281\/zenodo.10685670 evaluated at https:\/\/doi.org\/10.5281\/zenodo.11094742 10.5281\/zenodo.11094742.","DOI":"10.5281\/zenodo.10685670"},{"key":"e_1_3_1_87_2","doi-asserted-by":"publisher","DOI":"10.1109\/MSR.2015.37"},{"key":"e_1_3_1_88_2","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-016-9487-8"},{"key":"e_1_3_1_89_2","doi-asserted-by":"publisher","DOI":"10.1109\/ASE56229.2023.00175"},{"key":"e_1_3_1_90_2","doi-asserted-by":"publisher","unstructured":"Stefano Zacchiroli. 2022. A Large-scale Dataset of (Open Source) License Text Variants. In Proceedings of the 19th International Conference on Mining Software Repositories (MSR'22). 757-761. https:\/\/doi.org\/10.1145\/3524842.3528491 10.1145\/3524842.3528491.","DOI":"10.1145\/3524842.3528491"}],"container-title":["Proceedings of the ACM on Software Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3643766","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3643766","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3643766","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,2,4]],"date-time":"2026-02-04T07:57:30Z","timestamp":1770191850000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3643766"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,7,12]]},"references-count":89,"journal-issue":{"issue":"FSE","published-print":{"date-parts":[[2024,7,12]]}},"alternative-id":["10.1145\/3643766"],"URL":"https:\/\/doi.org\/10.1145\/3643766","relation":{},"ISSN":["2994-970X"],"issn-type":[{"value":"2994-970X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,7,12]]}}}