A6:2021 | Vulnerable and Outdated Components (9) | Cycubix Docs
What’s important?
- Can I use this component within the context of distribution of my software?
- Are there license incompatibilities?
- If using a modified component, did I address additional license obligations?
- Projects declare a license:
  - In a project metadata file.
  - On the project website or source code repository page.
  - Using a link to a license file in their own source code repository.
  - In a license file within the project source tree.
  - In the binary META-INF folder.
- Projects include licenses as headers in the source code.
Summary
- It is difficult to determine the scope of a license.
- A project often has license discrepancies.
- Developers are not lawyers.
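The declaration locations listed above can be compared mechanically to surface the discrepancies the summary mentions. The following is an added example, not code from the original page: it reads the metadata file, license files (including `META-INF`) and source headers of a project tree and reports every location that disagrees with the metadata. The choice of `pom.xml` as the metadata file, the marker patterns, the function names and the sample project are all assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

MARKERS = {  # heuristic markers -> SPDX ids (assumption: illustrative subset, not a full scanner)
    "Apache-2.0": re.compile(r"Apache\s+License,?\s+Version\s+2\.0|Apache-2\.0", re.I),
    "GPL-3.0": re.compile(r"GNU\s+General\s+Public\s+License\s+v(?:ersion\s+)?3|GPL-3\.0", re.I),
}

def identify(text):  # SPDX ids whose marker appears in the text
    return {spdx for spdx, rx in MARKERS.items() if rx.search(text)}

def collect_declarations(root):
    """Map each declaration location to the licenses found there."""
    root, found = Path(root), {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root)
        text = path.read_text(encoding="utf-8", errors="replace")
        if path.name == "pom.xml":  # project metadata file (assumed to be Maven)
            kind, ids = "metadata", identify("".join(re.findall(r"<licenses>.*?</licenses>", text, re.S)))
        elif path.name.upper().startswith("LICENSE"):  # license file in the tree or in META-INF
            kind, ids = ("META-INF" if "META-INF" in rel.parts else "license-file"), identify(text)
        elif path.suffix in {".java", ".py", ".js"}:  # license header at the top of a source file
            kind, ids = "source-header", identify(text[:2000])
        else:
            continue
        if ids:
            found[f"{kind}:{rel.as_posix()}"] = ids
    return found

def discrepancies(found):
    """Return locations whose licenses differ from the metadata declaration."""
    declared = set().union(*[v for k, v in found.items() if k.startswith("metadata:")])
    return {loc: ids for loc, ids in found.items() if declared and ids != declared}

def build_sample(root):
    files = {  # constructed sample: metadata says Apache-2.0, one source header says GPL-3.0
        "pom.xml": "<licenses><license><name>Apache License, Version 2.0</name></license></licenses>",
        "LICENSE": "Apache License\nVersion 2.0, January 2004\n",
        "META-INF/LICENSE.txt": "Apache License, Version 2.0\n",
        "src/Util.java": "// SPDX-License-Identifier: GPL-3.0-only\nclass Util {}\n",
    }
    for rel, body in files.items():
        (Path(root) / rel).parent.mkdir(parents=True, exist_ok=True)
        (Path(root) / rel).write_text(body, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(discrepancies(collect_declarations(tmp)))
```

A mismatch reported here only tells you where to look. Deciding the scope of a license or whether two licenses are compatible still needs legal review.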