MediaTech Law

By MIRSKY & COMPANY, PLLC

Equifax Breach Ignites Discussions about Open Source Software

In the recent Equifax data breach, massive amounts of personal information (including the names, Social Security numbers, birth dates, addresses and driver’s license numbers of 145.5 million U.S. consumers) were potentially accessed by hackers. As a result, Equifax parted ways with its CEO and other executives. While Equifax has offered credit monitoring and identity theft protection to victims, the full extent of the damage still may not be known for some time.

Interestingly, the incident has sparked a discussion about the use of open source software by companies because Equifax claims the breach was caused by a vulnerability in an open source application framework called Apache Struts (the formal name of the vulnerability is CVE-2017-5638). Apache Struts is a very popular framework for building web applications and was used by Equifax as part of a web portal that allowed consumers to dispute the accuracy of credit information. For context, the vulnerability in Apache Struts is only one of many known and widely exploited security vulnerabilities in open source projects, including among others OpenSSL Heartbleed, gSOAP Devil’s Ivy, and Shellshock.

Equifax’s use of open source software is not unique. In a 2016 article in Wired, Klint Finley explained that open source can be the best way to develop software in part because it “lets companies share the burden of developing common infrastructure and compatibility standards.”


The Weird World of Open Source Software Licenses

I like to think that somewhere in America, at this very moment, a college kid has just agreed without reservation to accept five bucks from his friend to drink an entire bottle of hot sauce. Non-lawyers are often surprised to learn that, public policy concerns aside, such an agreement contains all the elements necessary to create a legally binding contract: Offer, acceptance and consideration.

Part of a lawyer’s job is to identify relevant legal issues lurking beneath factual scenarios. Issue spotting can be frustratingly difficult, however, because, as the absurd hot sauce agreement illustrates, the law is often counterintuitive. Counter-intuitions abound in the weird world of open source license agreements. License agreements have become commonplace in our tech-saturated lives. If you’re not sure what they are, jog your memory to the last time you downloaded an app for your laptop or smartphone. Remember being asked to read and agree to an endless list of terms and conditions? That contract that you “read” and agreed to was almost certainly an end user license agreement to use the app for a specific purpose.

Over the past twenty years or so, several copyright licensing movements have gained traction. In general, these new types of licenses challenge traditional notions of copyright protection by granting licensees the right to modify the original copyrighted material for future use free of charge so long as certain promises are kept and/or conditions are met.

One well-known movement is the Open Source Initiative, which reviews and approves open source software (OSS) licenses. OSS licenses typically provide licensees with the right to access the source code of the original software program (hence “open” source) and create new software programs subject to the terms of the license.


Podcast #9: App Development Legal Issues: Open Source, Copyright, API Terms of Use and More

Today, we will discuss the business and, particularly, the legal landscape faced by application (App) developers dealing with mobile platforms (iOS, Android and Blackberry being dominant), including dealing with application programming interfaces (APIs) when developing based on existing applications, and, of course, client relationships.

I am joined today by Liz Steininger, co-founder of Tapangi Consulting and project manager in the DC Government’s Office of the Chief Technology Officer. Tapangi Consulting specializes in mobile and HTML5 application development as well as content management. Liz is also an active member of the DC Tech community and you can find her on Twitter as @liz315.

Some of the issues we discuss today are these:

  • Protecting ideas in early stages of pitching to potential clients.
  • Application developer agreements and API Terms of Use (TOUs).
  • Platform question: As a developer, how do you think about development based on different platforms (e.g. Android, iOS or Blackberry) or a specific API?
  • Copyright and “open source” issues, GPL, libraries, use of third-party code.
  • Ownership and rights issues.
  • Privacy and uses of personal information (PI).

Please click here for the podcast.
