Somewhere in the mid 80s (which is ancient history in the world of cybersecurity and computer science), it was stated by multiple sources that hackers had the ethical duty of sharing experience by writing open source code and promoting it to anyone that would like to see or use it, all under the common umbrella of doing it for the greater good of society. The operating system Linux, which took off in the 90s and hasn’t looked back, is the open source foundation of a collaborated effort between hobbyists, industry, and academia used to create software that is usable and improvable by anyone who is interested.
From GitHub to Microsoft
With similar DNA, Git is a free and open source software which organizes open source development of a project by using version control and distributed storage tools to track parallel efforts of coding or scripting by open source contributors. The remote repository that is most often used is GitHub. It hosts a huge variety of projects, contributed to by a full spectrum of specialists with varying skill levels. The public code repositories are where the platform gained popularity and notoriety amongst computer scientists and cybersecurity enthusiasts and the amount of information. For example, if you want to find customized ethical hacking tools that may aggregate functions, there is no better place to start than GitHub. Multiple Linux distributions are all available on GitHub and most have easy-to-follow programming and installation instructions. However, like Linux, GitHub has certain aspects of it that are proprietary in nature so it can thrive in the tech industry. It has always had subscription plans for private developers and organizations who take advantage of their collaborative software to work on projects in streamlined fashion. In 2018, Microsoft bought GitHub for $7.5 billion in stock. While experts say Microsoft grossly overpaid for the company, it did gain access to a massive amount of some of the best developers around.
John Does Fight for Copyright Violations
As you can imagine, it can get a little complicated when a large software developer buys an organization, known for free and open source collaboration. While it took awhile for the gasoline and flames to meet, a class action suit filed last week in the United States District Court, Northern District of California may be an indicator of things to come. The plaintiffs, identified as John Does, allege that Microsoft has developed and are selling AI-based coding tools that were built using open source repositories and the products created by these AI tools could be traced back to open source developers without any attribution given to the underlying authors.
All of this takes place, according to the complaint, when developers subscribe to Microsoft’s service. The basic premise of the lawsuit is copyright violations, failure to comply with their own user agreement by Microsoft, as well as breach of contract between GitHub, Microsoft, and their users as to open source licenses. Software licenses by open source developers are often complicated, but most all want credit and attribution, especially from for-profit companies. And some want the license to specifically exclude commercial use. It will be interesting to see whether more actions are filed by open source developers who use GitHub, more plaintiffs join this lawsuit, or the community gravitates to another repository out of concern and anger.
Joe Jabara, JD, is the Director, of the Hub, For Cyber Education and Awareness, Wichita State University. He also serves as an adjunct faculty at two other universities teaching Intelligence and Cyber Law. Prior to his current job, he served 30 years in the Air Force, Air Force Reserve, and Kansas Air National Guard. His last ten years were spent in command/leadership positions, the bulk of which were at the 184th Intelligence Wing as Vice Commander.