When it comes to software engineering, the University of Luxembourg’s Interdisciplinary Centre for Security, Reliability and Trust (SnT) is a leading institution – in fact, it ranks in the top ten globally. As a home for several renowned experts in the field, delivering high-quality software is naturally of great importance, and requires due diligence when it comes to incorporating free and open-source software (FOSS) into its projects, as well as releasing its own results. However, it’s not just about providing free and open access to software components when applicable, but also ensuring that deliverables associated with partnerships and spin-off projects are free from licensing issues and ready to be applied into their businesses.
And achieving this level of competence – as the saying goes – takes a village. SnT not only relies on the expertise of its Technology Transfer Office (TTO) to help its researchers with the process of licensing their intellectual property, but it also built a community of FOSS liaisons – in-house software developers who are trained to understand the technicalities behind FOSS across many research groups. “This group of researchers help their fellow peers in deeply familiarising themselves with the project objectives, software dependencies, dynamically linked libraries, and system architectures, so that they can anticipate the impact of different licensing constraints on the final solution. The ultimate goal is to allow SnT developers to produce credible and compliant software results. The FOSS community is exchanging on best practices during regular meetups and trainings, so we can stay ahead by learning about new trends,” explains Jacek Plucinski, RTTP, technology transfer officer at SnT and creator of the FOSS team back in 2020.
The team’s invaluable support has resulted in a framework that aids researchers in how they can implement third-party components into their projects, as well as advice on licensing compatibility that enables them to deliver high-quality software within partnership projects and other research activities. “Since frequently licensed third-party software can be incompatible with different components of the solution, the depth of understanding FOSS liaisons have on the projects within their research group is instrumental in producing applicable and compliant results, strengthening their scientific credibility, and solidifying SnT’s reputation as an excellent research partner,” he continues. The FOSS team have also leveraged the expertise of Across Legal, from which Lucrezia Berto and Malcolm Bain, two external lawyers with in-depth knowledge of various software technologies, further support researchers in the legal processes, reinforcing SnT liability when it comes to software-based research results.
“FOSS is a great initiative from SnT, as it promotes open source but at the same time being compliant with the rules and regulations,” shared FOSS liason, Dr. Hriday from the Bavle (ARG) research group. “It also allows me to interact with other group members from SnT, giving me a newer perspective from people working in different research areas,” he continued.
Automation and Robotics
Unfortunately, the prevalence of FOSS that isn’t properly licensed is high – and this can be problematic for researchers who aren’t aware. “We still see a lot of flawed open-source software – this is software made available on public repositories, but isn’t associated with any licence or it’s missing proper copyright notice. While researchers can learn from these sources, an end-user looking for credibility in their work simply can’t use it,” Plucinski explains. Researchers have obligations when it comes to both using and creating assets that are fully compliant, and so have a duty to comply with best practices to achieve scientific merit in their assets and published papers.
Comprised of 18 members from across SnT research groups, the FOSS team meets bi-monthly to exchange experiences and ideas to improve. Speaking about the collaborative approach, Dr. Monica Arenas – a research associate within the Sociotechnical Cybersecurity (IRiSC) research group – shared, “Being a FOSS liaison has allowed me to be aware of the good practices throughout the software development process. It has allowed me to share the key points with my colleagues in the IRiSC team about how to protect our developments, how to comply with other third-party licences, as well as how to select the proper licence for projects, taking also into account potential restrictions that may arise from the collaboration with external partners.”
“Going forward, I’d like to see other companies and centres becoming much more aware of some of the key best practices when it comes to open-source software, and implementing them to see the subsequent production of much better software results,” concludes Plucinski.