未加星标

Beware of Oracle’s developer Trojan

字体大小 | |
[网络安全 所属分类 网络安全 | 发布者 店小二04 | 时间 2017 | 作者 红领巾 ] 0人收藏点击收藏

Beware of Oracle’s developer Trojan

Most developers are aware of the concession available from Oracle under its Oracle Technology Network (OTN) a free licence to develop, test, prototype and demonstrate any new application.

But has Oracle laid a trap to intimate that full-use licences are required to market and sell the application even if no Oracle code is incorporated?

With Oracle, there is some buried wording which is all too easy to overlook. One of the conditions is: “If you want to use the programs or your application for any purpose other than as expressly permitted under this agreement, you must obtain from Oracle or an Oracle reseller a valid licence for programs under a separate agreement permitting such use.”

At first glance, that looks uncontroversial if you go beyond the OTN licence, you need to obtain a full-use licence. But note that the restriction on use is not just over the programs but also of your application.

It reads that the payback in being given an OTN licence is a restriction on subsequent use of your application, such as commercialisation.

This stands even if your application contains no Oracle code, is not an adaptation of any Oracle product and does not compete with any Oracle application, but is simply an independent product which may interface with Oracle software .

The provision would have been satisfactory if referring only to continued use of Oracle programs, so why has Oracle chosen to insert the additional words “or your application”?

The position parallels a situation where a manufacturer, such as BMW, were to insist that tyre manufacturers needed permission from BMW to market and distribute tyres if the tyres have been developed for, and tested on, a BMW vehicle.

It might be thought that the additional control on later use of your application was simply a typographical error. But this wording in the OTN licence has been regularly re-examined by Oracle and developed from earlier wording which declared, more explicitly, that any commercial use of the application required “an appropriate licence” from Oracle.

The Oracle position is quite different from, for instance, Microsoft and Adobe where their respective Visual Studio/MSDN and SDK licences only seek to control usage of their own proprietary code, rather than any programs independently developed to function with their products.

The OTN licence is subject to Californian state law, but the impact of any attempted control(s) by Oracle would have effect for licences in Europe. European law will therefore apply irrespective of the governing law provision in the licence.

If such restriction does control further usage of the application, such as distribution and sale as opposed to further usage just of the Oracle code then it is extraordinary and probably unlawful.

If Oracle ever sought to restrict usage of any such newly developed application, as opposed to its own code, it would almost certainly fall foul of European and US competition/anti-trust laws, most notably as abusive conduct contrary to the European Union (EU) Treaty.

This treaty prohibits the imposition of unfair trading conditions and/or the imposition of obligations on other parties in contracts which are unrelated to their subject matter, nature or according to commercial usage.

Such an imposition extends Oracle’s reach beyond legitimate controls over its proprietary software to software developed independently by third parties.

What is Oracle’s position? Licensing software consultants Cerno Professional Services put the question to Oracle.

Oracle’s legal spokesperson said: “Oracle will not be altering its OTN licensing terms to remove the reference to customers’ applications included in the Licence Rights and Restrictions section.”

“If [the customer] intends to resell their application, they will likely need to get an Oracle Partner Network membership, which gives them the status of Oracle distributor or reseller,” the spokesperson added.

So, an anodyne typographical error or something more determinedly controlling by Oracle?

Either way, because of the jeopardy of competition law claims, Oracle would be well-advised to retreat from its current wording in the OTN licence and look only to protecting its own software rather than to be, it seems, demanding licences for applications created by others which contain no Oracle code.

Robin Fry is a solicitor and legal director of Cerno Professional Services , which specialises in audit defence and strategic licence optimisation.

本文网络安全相关术语:网络安全工程师 网络信息安全 网络安全技术 网络安全知识

主题: Visual StudioVisual StudiSDNBMW
分页:12
转载请注明
本文标题:Beware of Oracle’s developer Trojan
本站链接:http://www.codesec.net/view/522926.html
分享请点击:


1.凡CodeSecTeam转载的文章,均出自其它媒体或其他官网介绍,目的在于传递更多的信息,并不代表本站赞同其观点和其真实性负责;
2.转载的文章仅代表原创作者观点,与本站无关。其原创性以及文中陈述文字和内容未经本站证实,本站对该文以及其中全部或者部分内容、文字的真实性、完整性、及时性,不作出任何保证或承若;
3.如本站转载稿涉及版权等问题,请作者及时联系本站,我们会及时处理。
登录后可拥有收藏文章、关注作者等权限...
技术大类 技术大类 | 网络安全 | 评论(0) | 阅读(28)