%0 Journal Article
%J Technology Innovation Management Review
%D 2016
%T License Compliance in Open Source Cybersecurity Projects
%A Ahmed Shah
%A Selman Selman
%A Ibrahim Abualhaol
%K contamination
%K copyright
%K cybersecurity
%K GPL
%K license
%K open source
%K third-party code
%X Developers of cybersecurity software often include and rely upon open source software packages in their commercial software products. Before open source code is absorbed into a proprietary product, developers must check the package license to see if the project is permissively licensed, thereby allowing for commercial-friendly inheritance and redistribution. However, there is a risk that the open source package license could be inaccurate due to being silently contaminated with restrictively licensed open source code that may prohibit the sale or confidentiality of commercial derivative work. Contamination of commercial products could lead to expensive remediation costs, damage to the company's reputation, and costly legal fees. In this article, we report on our preliminary analysis of more than 200 open source cybersecurity projects to identify the most frequently used license types and languages and to look for evidence of permissively licensed open source projects that are likely contaminated by restrictively licensed material (i.e., containing commercial-unfriendly code). Our analysis identified restrictive license contamination cases occurring in permissively licensed open source projects. Furthermore, we found a high proportion of code that lacked copyright attribution. We expect that the results of this study will: i) provide managers and developers with an understanding of how contamination can occur, ii) provide open source communities with an understanding of how they can better protect their intellectual property by including licenses and copyright information in their code, and iii) provide entrepreneurs with an understanding of the open source cybersecurity domain in terms of licensing and contamination and how they affect decisions about cybersecurity software architectures.
%B Technology Innovation Management Review
%I Talent First Network
%C Ottawa
%V 6
%P 28-35
%8 02/2016
%G eng
%U http://timreview.ca/article/966
%N 2
%1 Carleton University Ahmed Shah holds a BEng in Software Engineering and is pursuing an MASc degree in Technology Innovation Management at Carleton University in Ottawa, Canada. Ahmed has experience working in cybersecurity research with the VENUS Cybersecurity Corporation and has experience managing legal deliverables at IBM.
%2 Carleton University Selman Selman is a Software Engineer at Synopsys under the Software Integrity Group. He is also carrying out graduate studies in Technology Innovation Management at Carleton University in Ottawa, Canada.
%3 Carleton University Ibrahim Abualhaol holds BSc and MSc degrees in Electrical Engineering from Jordan University of Science and Technology, an MEng in Technology Innovation Management from Carleton University in Ottawa, Canada, and a PhD in Electrical Engineering from the University of Mississippi in Oxford, United States. He worked for two years as a Wireless Engineer at Broadcom Corporation and as a System Engineer Intern at Qualcomm Incorporation in the United States. He then worked as an Assistant Professor of Wireless Communications at Khalifa University, United Arab Emirates for four years. Currently, he is a Cybersecurity R & D Engineer working on operationalizing collective intelligence with artificial intelligence to improve cybersecurity. He is a senior member of IEEE, a member of Phi Kappa Phi, and a member of Sigma Xi.
%R http://doi.org/10.22215/timreview/966