I-Corps: OSSPolice

$50,000 | FY2018 | TIP | NSF

Georgia Tech Research Corporation, Atlanta GA

Abstract

This technology will help mobile app developers do their due diligence and easily scan their apps for any legal and security issues, thereby not only protecting their brand, but also ensuring the security and privacy of end users. The technology also preserves the open-source software ecosystem by enabling mobile app developers to proactively scan their apps and identify any inadvertent open-source license violations. Based on the reported results, app developers can either comply with the licensing terms of the software being used or switch over to more permissively licensed Open-Source Software (OSS).

App stores are quickly getting crowded, with currently over 6 million apps. Therefore, app developers often rely on OSS to reduce development cost and quickly bring their apps to market. Unfortunately, careless use of OSS can introduce severe legal and security risks. If ignored, such risks can not only jeopardize the security and privacy of end users, but also cause high financial losses to the businesses owning such apps and damage their brand. However, tracking all OSS components, their versions, and inter-dependencies can be tedious and error-prone, particularly if the OSS is imported with little to no knowledge of its provenance. This problem is exacerbated by the esoteric licensing terms of these OSS components, as developers may lack awareness of the legal ramifications of their use. The PI's research team has built a fully automated software system that analyzes mobile app binaries to detect all OSS components in use and report the associated security and legal risks.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
