Voir en

français

Computer Security: Insist to avoid troubles

|

Recently, CERN was facing again an allegation of a potential abuse of the licence conditions of a popular engineering application. While, since ever, CERN does not tolerate any licence violations or pirating of software, this case turned out to be astonishing as CERN holds licences for that particular application. Unfortunately, the student supposed to use that application was not able to get the green light from her hierarchy to request the corresponding licence – even after insisting several times. With deadlines approaching, the student got creative and embarked on alternative ways… creating troubles.

While creativity is definitely sought after in our academic environment, following the rules instead is essential when it comes to software licences. The usage of pirated or otherwise illegal licences can have detrimental consequences to CERN's reputation as well as trigger financial repercussions. Therefore, CERN will not tolerate any abuse of licence conditions nor the pirating of licence files. Potential incurring costs will be directly transferred to the person or institute violating those conditions – and such fines can easily be composed of five to six-figures (hence our earlier Bulletin article on “Do you have 30 kCHF pocket money?”).

So our plea to you: Check with CERN’s software portfolio first. CERN is providing you a plethora of licenced software intended to help you in the execution of your professional duties via CMF for Windows PCs, LXSOFT for Linux systems and the CERN/Apple Mac Self-Service. Dedicated licences are available for engineering software and for control software.

Alternatively, you might want to use free open source software (FOSS)… But mind the “free” as open source software (OSS) is not always free. Some OSS might be free for personal usage, but not free when used in a professional environment or in larger teams. “Free” might be free when used at home or at your home institute, but not necessarily at CERN. And what concerns “free” (public) cloud services, you might simply pay with your data, e.g. they may use your data in whatever way they please, assume ownership, or don’t provide means to recuperate your data once you quit their service…

In any case, if these do not suit your needs, or if you are in doubt as to whether the licence conditions of your applications are compliant with usage at CERN, please contact the CERN Software Licence Officer to check your options and, if needed, agree to make a central purchase. If, indeed, your preferred software needs to be purchased, insist to get a green light from your supervisor. Escalate to your hierarchy if you cannot get the consent of your direct supervisor. Do not start getting creative here! We are sure that no department head will block your needs if those are clearly justified!! They would like to avoid troubles, too!!!

______

Do you want to learn more about computer security incidents and issues at CERN? Follow our Monthly Report. For further information, questions or help, check our website or contact us at Computer.Security@cern.ch.