Course: AppSec, Privacy & License Compliance

How to read a license, with a cheatsheet

When using or integrating software into your own project, it’s essential to understand the terms of its license. Licenses define what you’re allowed to do, what you’re required to do, and what limitations apply. In this lesson, we’ll compare the MIT License and the GNU General Public License (GPL), then list what to look for when reading any software license.

1. Example: MIT License

MIT License

Copyright (c) 2025 [Your Name]

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND...

Highlights of MIT License:

  • Very permissive and simple.
  • Allows use in commercial and closed-source software.
  • Requires inclusion of the license text and copyright notice.
  • Does not require sharing changes or source code.

2. Example: GNU General Public License (GPL) v3

GNU GENERAL PUBLIC LICENSE
Version 3, 29 June 2007

Copyright (C) 2007 Free Software Foundation

You may copy, distribute and modify the software as long as you track changes,
state modifications, and license your entire project under the GPL if it uses
GPL-covered code.

You must also make your source code available to users, and provide notices
regarding your changes and license terms.

Highlights of GPL v3:

  • Copyleft license — requires derivative works to be licensed under GPL.
  • Forces you to share source code if you distribute modified versions.
  • Not compatible with many proprietary software uses.
  • Protects end users’ rights to modify and share.

3. Cheatsheet: Key Things to Spot When Reading Any Software License

  • Permissions: What are you allowed to do? (e.g., use, modify, distribute, sublicense, sell)
  • Conditions: What do you need to do to comply? (e.g., credit the author, share source code, use same license)
  • Limitations: What does the license explicitly deny? (e.g., no liability, no warranty, restrictions on field of use)
  • Source Code Disclosure: Are you required to publish your changes or make your source open?
  • Compatibility: Can you combine this code with other licenses? Especially important for mixing open-source and proprietary code.
  • Commercial Use: Is commercial use allowed? Are there any limitations?
  • Patent Clauses: Does the license grant or restrict any patent rights?
  • Relicensing: Can you relicense the software as part of another project?
  • Distribution Requirements: Are there special obligations when redistributing binaries or modified versions?

4. How to Assess License Risk

After reading the license, determine whether it is permissive enough for your use case.

5. Summary

Always read the full text of a license before using software in your project. The difference between permissive licenses (like MIT) and copyleft licenses (like GPL) can have major implications for your product, especially if you plan to distribute or commercialize it. Understanding what each license allows, requires, and restricts will help you stay compliant and avoid legal or ethical issues.