Voir en

français

Computer Security: Insist to avoid troubles

|

Recently, CERN was facing again an allegation of a potential abuse of the license conditions of a popular engineering application. While, since ever, CERN does not tolerate any license violations or pirating of software, this case turned out to be astonishing as CERN holds licenses for that particular application. Unfortunately, the student supposed to use that application was not able to get the green light from her hierarchy to request the corresponding license – even after insisting several times. With deadlines approaching, the student got creative and embarked on alternative ways… creating troubles.

While creativity is definitely sought after in our academic environment, following the rules instead is essential when it comes to software licenses. The usage of pirated or otherwise illegal licenses can have detrimental consequences to CERNs reputation as well as trigger financial repercussions. Therefore, CERN will not tolerate any abuse of license conditions nor the pirating of license files. Potential incurring costs will be directly transferred to the person or institute violating those conditions – and such fines can easily be composed of five to six-figures (hence our earlier Bulletin article on “Do you have 30 kCHF pocket money?”).

So our plea to you: Check with CERN’s software portfolio first. CERN is providing you a plethora of licensed software intended to help you in the execution of your professional duties via CMF for Windows PCs, LXSOFT for Linux systems and the CERN/Apple Mac Self-Service. Dedicated licences are available for engineering software and for control software.

Alternatively, you might want to use free open source software (FOSS)… But mind the “free” as open source software (OSS) is not always free. Some OSS might be free for personal usage, but not free when used in a professional environment or in larger teams. “Free” might be free when used at home or at your home institute, but not necessarily at CERN. And what concerns “free” (public) cloud services, you might simply pay with your data, e.g. they may use your data in whatever way they please, assume ownership, or don’t provide means to recuperate your data once you quit their service…

In any case, if these do not suit your needs, or if you are in doubt as to whether the licence conditions of your applications are compliant with usage at CERN, please contact the CERN Software Licence Officer to check your options and, if needed, agree to make a central purchase. If, indeed, your preferred software needs to be purchased, insist to get a green light from your supervisor. Escalate to your hierarchy if you cannot get the consent of your direct supervisor. Do not start getting creative here! We are sure that no department head will block your needs if those are clearly justified!! They would like to avoid troubles, too!!!

______

Do you want to learn more about computer security incidents and issues at CERN? Follow our Monthly Report. For further information, questions or help, check our website or contact us at Computer.Security@cern.ch.