
Several terms come up when dealing with software: the EULA (End User License Agreement), the Software License Agreement (SLA), and the ToS (Terms of Service). With SaaS products, people often confuse these terms with one another.

Licensing refers to the contractual agreement between the application developer and the end-user. The software license often covers end-user rights such as installation, warranties, and liabilities. Entitlement, by contrast, specifies the users and devices on which the licensed software is eligible to run, and states the authorized level of use.

License history

License management became popular with FLEXlm(R) from GLOBEtrotter Software (currently a registered trademark of Macrovision Corp.).

Floating licensing flourished in the late 1980s with the widespread use of networked engineering workstations. Earlier, licenses cost $50,000 each. Today a single license can cost well over $1,000,000. In earlier days these high prices were paid for node-locked licenses, and companies didn’t want to buy them as they could be used only once.

In later stages, after more commercial license managers became available, end-users gained the freedom to share licenses over their network without having to move physical systems from one location to another.

What is it?

According to Open Source Initiative, “Open source licenses are licenses that comply with the Open Source Definition — in brief, they allow the software to be freely used, modified, and shared. To be approved by the Open Source Initiative (also known as the OSI), a license must go through the Open Source Initiative’s license review process.”

A software license provides legally binding terms for the delivery and usage of the software. It is a text document that safeguards the intellectual property of the software developer.

Software is licensed for various reasons, such as to demonstrate new ideas, to make people’s tasks more manageable by providing them with benefits, or simply for monetary benefit.

Licenses are broadly classified into two classes:

Proprietary Software

These are software programs for which the creator or the developer reserves some rights. The licensee doesn’t have access to the source code of the software. The license agreement also includes terms that prohibit reverse engineering the software to get access to the source code.

Free and Open Source Software (FOSS)

Open-source software gives the end-users the right to inspect the source code and modify the program’s functionalities.

Types of Licenses

There are mainly five types of licenses for developers and the companies purchasing them. They are listed here from the least restrictive to the most restrictive.

  1. Public domain license
    • They allow users to reuse the software for any purpose they wish.
    • They are helpful for novice coders and application developers, as they can play with the software and adopt the source code.
  2. Lesser General Public License (LGPL)
    • As long as developers only associate their project with the LGPL library, they can license the code obtained from this activity under any license, including proprietary licenses.
    • It allows developers to link open source libraries within their software code without complying with the terms of the copyleft license. Developers typically need to release the source code used to build their components.
  3. Permissive license
    • Similar to a public domain license, but with more restrictions, as it may contain intellectual property protection clauses.
    • Usually, developers use free and open-source licenses to protect their intellectual property and control how people operate them.
    • It is a common alternative for developers who want to support open source development while maintaining copyright protection for FOSS.
  4. Copyleft license
    • These licenses give users the flexibility to distribute a modified version of the software, with the stipulation that users distribute adaptations under the same license.
  5. Proprietary license
    • They reserve all rights to the developer, the application’s creator, or the software. The customers or end-users cannot modify the software according to their needs.

EULA Vs. SLA

People often confuse the terms EULA and SLA.

The End User License Agreement is generally provided when a user gets an application or software from a retailer or a platform (like getting an application from the Play Store or App Store).

A Software License Agreement, by contrast, is settled directly between the developer and the end-user, and the original creator retains ownership of the software and control over it.

| EULA | SLA |
|---|---|
| IP definitions | Copyright retention |
| Limited warranties | Copying, displaying and distributing rights |
| Usage restrictions | Modification restrictions |

Entitlement

An entitlement is a post-licensing step. It grants specific users and devices access to, and the right to run, the particular software. For example, if an organization has purchased a software license to run on 50 devices, the software entitlement specifies the machines/users to which those 50 licenses are assigned.

A product entitlement is a determination of:

  • Which product was purchased
  • The number of seats purchased
  • The license type (floating or node-locked)
  • The product subscription period (product updates provided throughout the year).

License Vs. Entitlement

While buying a license gives customers the right to use the authentic software, the entitlement describes the finer details of the license and hence of the software usage.

A credible entitlement also gives the developer peace of mind, as it works as an assurance that the license owner cannot operate the software outside the terms and conditions.

Conclusion

Licensing and entitlement go hand in hand for a company and the developer to get a smooth and hassle-free workflow. A company must analyze its requirements and internal policies and then go forward to get a license and, subsequently, an entitlement.

References

News from the blog | Open Source Initiative


According to Gulf News, “An estimated 300 billion passwords are used by humans and machines worldwide. Which is nearly 40 times more than the number of people walking on Earth.”

Passwords are the most common technique for authentication used across the globe.

Why are passwords bad for your security?

The use of easy passwords is one reason security gets compromised. With a limited number of words in the dictionary and a handful of digits and special characters, there is only a handful of passwords that can easily be guessed. Moreover, if your password has appeared in any password leak, it is more likely to be discovered by a hacker. Many people also tend not to rotate their passwords at regular intervals.

According to a report by LastPass, 53% of the people surveyed haven’t changed their passwords in the last year, even after hearing about a data breach in the news. And 42% of the people say that having a password that is easy to remember is more important than having a more secure password.

People tend to pick easy passwords to avoid the effort of remembering them. SplashData carried out an analysis of over 5 million leaked passwords and concluded that 10% of them were still among the 25 worst and most common passwords.

People also tend to use the same password for multiple accounts and websites, which is highly insecure and not recommended. But creating a new password for every new account across a wide array of websites is a tedious task, which leads people to reuse the same passwords. This scenario is often termed password fatigue. Wikipedia explains this as “The feeling experienced by many people who are required to remember an excessive number of passwords as part of their daily routine, such as log on to a computer at work, undo a bicycle lock, or conduct banking from an automated teller machine.”

What do organizations do to combat this?

To combat this password-related issue, many organizations enforce strict password policies. They require a minimum password length, special characters, and both lower and upper case letters combined with numbers. All of these help build a strong password that end-users can use.

Recently, many organizations have adopted MFA (Multi-Factor Authentication), an authentication mechanism that authenticates a user through multiple verification steps. Usually, the first step is a password. The second step has several options, like an authentication code from a linked authenticator application (Google Authenticator, Microsoft Authenticator, etc.) or, more generally, an OTP delivered to the registered mobile number or email address.

How authentication can be made passwordless

Authentication can be achieved without a predetermined password in the following six ways:

  1. Biometric authentication

    Biometric authentication is based on unique biological features of human beings that are used to authenticate the user’s identity. Physical traits like depth scanning of the face, fingerprint, retina scan, etc., are used as authentication parameters.

  2. Dedicated hardware security tokens

    A hardware token is a small hardware device that stores additional information required for authentication during a user login or a service authentication. The stored additional information is generally a numeric code that rotates every 30 seconds. Hardware tokens are used specifically for One-Time Passwords (OTPs), Multi-Factor Authentication (MFA), or Two-Factor Authentication (2FA).

    A dedicated security token, when coupled with the following properties, makes the user’s system more secure against attacks and breaches:

    • Possession: The user must have something like a phone or a key card at hand to access the system.
    • Knowledge: The first stage of the authentication is the password, which must be in the user’s knowledge.
    • Inherence: The addition of biometrics (like fingerprint or face scan) makes it more secure.

  3. Certificate-based authentication

    Digital certificates are yet another mode of authentication. One use case for certificates is authenticating a system in an organizational network. The installed certificate is verified against the CA (Certificate Authority). The certificate chain of trust plays an important role in the verification of certificates.

  4. PIV (Personal Identity Verification) cards

    A PIV card is a smart card issued by the United States government that contains the information needed to access federal facilities and information systems and ensure acceptable levels of security for all national applications.

  5. One Time Password (OTP)

    An OTP is an alphanumeric string, specifically a passcode that is automatically generated for a single transaction or login session. One major advantage of an OTP is that it expires after a certain period, which prevents it from being reused by attackers for malicious purposes.

  6. Email magic links

    These are special links sent to the user’s email address; clicking one authenticates the user. The following steps take place in the whole system:

    • The website requests the user’s email address.
    • The user enters the email address.
    • The website generates a token and subsequently generates the magic link as well.
    • The application sends the magic link to the user’s email address.
    • When the user clicks on the magic link, the application receives the query at the magic link endpoint, and the user is authenticated.

  7. Authenticator applications

    These third-party applications create a one-time passcode that updates every 30 seconds. The authenticator application is linked to the account for which MFA is set up.
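
The email magic link steps listed above (generate a token, build the link, authenticate on click), shown as an added example that is not part of the original article. The names `MagicLinkStore`, `issue` and `redeem`, the endpoint URL, the 10-minute lifetime and the in-memory dictionary standing in for a database are all assumptions made for illustration.

```python
import hashlib
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

TOKEN_TTL_SECONDS = 600  # assumed lifetime: 10 minutes
BASE_URL = "https://app.example.test/auth/magic"  # placeholder endpoint


class MagicLinkStore:
    """Hypothetical server-side token table (in memory for the example)."""

    def __init__(self):
        # Only the SHA-256 of each token is kept, so a leaked table
        # cannot be replayed as working links.
        self._pending = {}  # sha256(token) -> (email, expires_at)

    def issue(self, email, now=None):
        """Generate a token for `email` and return the link to be mailed."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        digest = hashlib.sha256(token.encode()).hexdigest()
        self._pending[digest] = (email, now + TOKEN_TTL_SECONDS)
        return f"{BASE_URL}?{urlencode({'token': token})}"

    def redeem(self, link, now=None):
        """Return the authenticated email, or None if the link is invalid."""
        now = time.time() if now is None else now
        values = parse_qs(urlparse(link).query).get("token", [])
        if len(values) != 1:
            return None  # missing or duplicated token parameter
        digest = hashlib.sha256(values[0].encode()).hexdigest()
        # pop() removes the entry on first use: a link works only once.
        record = self._pending.pop(digest, None)
        if record is None:
            return None  # unknown, forged or already-used token
        email, expires_at = record
        if now > expires_at:
            return None  # expired links are rejected and discarded
        return email
```
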

Conclusion

With each passing day, the knowledge and number of hackers grow, and with them the probability of a simple password being guessed. So, people and organizations need to adopt a more secure form of authentication like 2FA or hardware tokens. But this journey will take some time, and hence the need for awareness of going passwordless is at its peak.
