multimedialooki.blogg.se

Codeexpander














Up to this point, open source maintainers on GitHub received security reports via a variety of public channels such as Twitter. That meant bad actors had an opportunity to exploit issues before maintainers could apply a fix. Private reporting hides vulnerabilities from the public eye, which could prevent zero-day attacks that target flaws as soon as they are publicized.

Private vulnerability reporting, launched in an open beta this week, allows maintainers to opt in to a private communications channel where GitHub users can disclose and collaborate with them to resolve security issues, said Justin Hutchings, director of product management at GitHub. GitHub is the largest independent issuer of Common Vulnerabilities and Exposures, supporting any open source project on GitHub. There's a lot of demand for an easier way to connect researchers and maintainers, however, Hutchings said.

Private security disclosure is a good idea, provided the GitHub community follows through with using it, said one industry expert. "Any tool that reduces the application security risk speeds up innovation," said Larry Carvalho, principal consultant at Robust Cloud. "Private vulnerability reporting will keep the good actors a step ahead of bad actors and reduce risk to the software community - the challenge will be to encourage those reporting vulnerabilities to use secret channels."

A system that monetarily rewards this behavior might speed up the adoption process, Carvalho added. HackerOne, which creates and manages bug bounty programs, is one option that GitHub should consider to encourage participation, he said. GitHub has no plans for a financial incentive structure for private vulnerability reporting, according to a GitHub spokesperson, but the company is working with members of the open source and security research community to gather feedback on this and other topics as the platform rolls out.

GitHub Copilot expansion plans face litigation challenge

Other GitHub Universe news this week included a licensed version of Copilot with admin controls for business and a voice-to-code tool called Hey, GitHub! But industry and legal experts warned the company's response to a class-action lawsuit alleging Copilot copyright infringement might affect this roadmap. "Copilot for business is a good step forward, but large enterprises should ensure that piracy lawsuits do not affect them," Carvalho said. "One option would be to ensure the agreements with GitHub or Microsoft give the customers indemnity from lawsuits."

A GitHub spokesperson said the company will continue to develop Copilot responsibly but declined to comment on whether it will offer indemnity to enterprise customers. It doesn't make any sense for GitHub or Microsoft to get involved with indemnity at this point, according to attorney Aron Solomon, head of strategy and chief legal analyst at Esquire Digital. However, enterprise developers will expand an enterprise's risk profile if they knowingly provide software that may not be fully compliant with intellectual property law, he said.

A 2016 case may shed some light on the GitHub Copilot lawsuit, according to Solomon. In that case, study guide creator DynaStudy Inc. in Marble Falls, Texas, sued the Houston Independent School District after a group of school district employees redistributed unauthorized copies of a study guide with cropped-out or covered-up copyright warnings and logos. A federal jury found in 2019 that the employees had violated intellectual property law and ordered the school district to pay $9.2 million in damages.

An opinion piece on the decision, attributed to policy attorney Krista L. Cox, noted that willful blindness to copyright law - for example, where employees know that the resources they distribute are subject to copyright - does not go over well in copyright cases. This case carries implications for enterprise use of copyrighted code as well, Solomon said.














