A tool for identifying open-source license violation and one-day security risks at large scale

Georgia Tech inventors have created OSSPolice, a scalable and fully-automated tool for mobile app developers to analyze their apps quickly and identify free software license violations as well as usage of known vulnerable versions of OSS. OSSPolice introduces a hierarchical indexing scheme to achieve both high scalability and accuracy, and is capable of efficiently comparing similarities of app binaries against a database of hundreds of thousands of OSS sources (billions of lines of code).

Solution Advantages
  • Scalable
  • Fully-automated
  • Accurate
Potential Commercial Applications
  • App development
  • Digital security
Background and More Information

With millions of apps available to users, the mobile app market is rapidly becoming very crowded. Given the intense competition, time to market is a critical factor in the success and profitability of an app. To shorten the development cycle, developers often focus their efforts on the unique features and workflows of their apps and rely on third-party Open Source Software (OSS) for the common features. Unfortunately, despite its benefits, careless use of OSS can introduce significant legal and security risks, which if ignored can not only jeopardize the security and privacy of end users but can also cause app developers heavy financial losses. However, tracking OSS components, their versions, and their interdependencies can be very tedious and error-prone, particularly when an OSS component is imported with little to no knowledge of its provenance.