EpochZero Learn
EpochZero LearnMulti-Domain Tech Learning Hub
Courses
LeaderboardAbout
Dashboard
EpochZero
EpochZero Learn
Multi-Domain Tech Learning Hub

Structured learning for Reverse Engineering, Cloud Security, Cryptography, and Web Development. Articles, videos, tests, and peer discussion.

Learn

  • Learning Path
  • All Articles
  • Video Lessons
  • Podcast
  • eBooks & PDFs
  • Question Banks
  • Cheatsheets
  • MCQ Banks

Tests & Forum

  • All Tests
  • REMA Tests
  • Cloud Tests
  • Forum
  • REMA Forum
  • Cloud Forum
  • Crypto Forum
  • Web Dev Forum

Campus

  • REMA Club
  • Full Stack Dev Club
  • Extension Activity
  • Events
  • CTF Competitions
  • Workshops
  • Industrial Visits

Platform

  • Dashboard
  • Leaderboard
  • About
  • Verify Certificate

© 2026 EpochZero Learn. Educational content for learning purposes.

Course Instructor: Ashish Revar

All articles
research-methodologyopen-sourceopen-accesslicensing

Open Source and Open Access Publishing

Releasing code under the wrong licence, or publishing behind a paywall when your funder requires open access, are both avoidable mistakes. This article explains the licence landscape for software and research publications so you can make deliberate choices about how your work reaches the world.

Ashish Revar7 July 202612 min read8 views

Sign in to mark this article as read and track your progress.

More articlesTest your knowledge

Why Licences Matter

Producing research — writing code, collecting datasets, publishing papers — creates intellectual property. Without an explicit licence, the default in most jurisdictions is "all rights reserved": no one may use, copy, modify, or redistribute your work without asking your permission individually. A licence is a legally binding statement of what others are allowed to do with your work without needing to ask.

Two separate licence systems apply to research outputs: one for software and data (open-source licences and Creative Commons), and one for published papers (open access models).

Open-Source Software Licences

Open-source licences allow others to use, study, modify, and distribute software. The key distinction among them is copyleft: whether a modified version must also be released under the same licence.

Permissive Licences (no copyleft)

MIT Licence — the most permissive widely-used licence. Anyone may use, copy, modify, and distribute the software, including in proprietary products, as long as the original licence text and copyright notice are included. Used by: NumPy, Flask, jQuery.

Apache 2.0 — similar to MIT but adds an explicit patent grant: contributors give up the right to sue downstream users over patents covering the contributed code. Used by: TensorFlow, Kubernetes, Android.

The practical difference between MIT and Apache 2.0 matters most to commercial users. For academic code releases, either is appropriate; Apache 2.0 is preferred when the code may contain novel algorithmic ideas that could attract patent claims.

Copyleft Licences

GNU General Public Licence (GPL v3) — anyone may use and modify the software, but any modified version distributed publicly must also be released under GPL. You cannot take GPL code, improve it, and release the improvement as proprietary. Used by: Linux kernel (GPL v2), GCC, WordPress.

GNU Affero General Public Licence (AGPL v3) — extends GPL to cover software run as a service: if you deploy AGPL software over a network, you must release your source code even if you never distribute a binary. Used by: MongoDB (older versions), Nextcloud.

GNU Lesser GPL (LGPL) — a middle ground that allows proprietary software to link against an LGPL library without triggering copyleft, as long as the library itself remains LGPL.

Choosing a Licence for Research Code

For academic research code where wide adoption and reproducibility matter, MIT or Apache 2.0 minimises friction. For code that embodies a public good (security tools, privacy-preserving algorithms) where preventing proprietary capture matters, GPL or AGPL may be appropriate. The Open Source Initiative (OSI) certifies licences as meeting the Open Source Definition; use only OSI-certified licences for work you intend to be genuinely open source.

Creative Commons Licences for Data and Publications

Creative Commons (CC) licences are designed for creative and academic works — papers, datasets, educational materials — not for software (which is better served by OSI licences). They are modular: each licence is a combination of four elements:

ElementMeaning
BY (Attribution)You must credit the original author
SA (ShareAlike)Derivatives must carry the same licence (copyleft)
NC (NonCommercial)Commercial use is prohibited
ND (NoDerivatives)No modified versions may be distributed

Common combinations used in research:

  • CC BY — the most open CC licence, equivalent to MIT for publications. Anyone may use, adapt, and redistribute with attribution. Recommended by most open-access mandates.
  • CC BY-SA — copyleft: derivatives must carry CC BY-SA. Used by Wikipedia.
  • CC BY-NC — permits any use except commercial. Restrictive for research datasets that companies might want to use.
  • CC0 — no rights reserved. The creator waives all copyright and releases the work into the public domain. Appropriate for raw datasets where maximising reusability matters most.

Open Access Publishing

Open access means that a published paper is freely readable by anyone with an internet connection, without a subscription paywall. Three models exist:

Gold open access — the paper is published immediately in open-access form in a journal that makes it freely available. The cost is typically an Article Processing Charge (APC) paid by the author or their institution — commonly £1,000–£3,000 for established journals. The Directory of Open Access Journals (DOAJ) lists legitimate gold-OA venues.

Green open access (self-archiving) — the paper is published in a subscription journal, but the author deposits a version (typically the accepted manuscript, not the final typeset version) in an institutional repository or preprint server. No APC is paid. Most major publishers now permit some form of green OA with an embargo period (typically 6–12 months for computing).

Diamond open access — the paper is freely available and no APC is charged. The journal's costs are covered by institutions, professional societies, or grants. Most workshop proceedings in computer science are diamond OA. The quality of diamond-OA venues varies: some (like ACL Anthology and many IEEE/ACM workshops) are well-regarded; others are not.

Preprint Servers

A preprint is a version of a paper posted publicly before (or simultaneously with) peer review. Preprint servers provide open access to research at the moment of completion, not after a 12-month embargo.

ServerField
arXiv.orgComputer science, mathematics, physics, statistics
bioRxiv / medRxivBiology, medicine
SSRNSocial sciences, law, economics
TechRxivElectrical engineering, technology

Posting a preprint does not prevent subsequent journal submission in most fields. It establishes priority (the timestamp proves you completed the work first), allows community feedback before formal peer review, and makes results immediately available. The majority of ML and security research appears on arXiv before journal publication.

Predatory Open Access

Not all open-access journals are legitimate. Predatory journals charge APCs but perform no genuine peer review — they accept papers without scrutiny to collect fees. Warning signs: unsolicited emails with excessive praise, implausibly fast "peer review" (days), journals covering improbably broad topic areas, impact factors that cannot be verified.

The Beall's List (maintained in archived form) and Cabell's Predatory Reports document known predatory venues. Publishing in a predatory journal damages rather than builds a research record — the paper may be retracted, and hiring committees recognise predatory venues.

Funder Mandates

Many research funders now require open access:

  • Indian funding bodies (SERB, DBT): open access encouraged; formal mandates under development as of 2026.
  • NIH (USA): all peer-reviewed publications from NIH-funded research must be publicly available in PubMed Central within 12 months.
  • Horizon Europe (EU): immediate open access mandatory; only CC BY permitted.
  • UK Research Councils (UKRI): immediate open access; CC BY required.

Verify the open-access requirements of any grant before selecting a publication venue, since non-compliance can affect future funding.

Check Your Understanding

A student has written a malware detection tool in Python during their dissertation, using scikit-learn (BSD licence) and PyTorch (BSD licence). They want to release the code so that: (a) any researcher can use and modify it freely, (b) companies cannot incorporate it into proprietary products without releasing their modifications.

Which licence should they choose and why? Would MIT be appropriate? What if they also want to release their labelled malware dataset — which Creative Commons licence would be most appropriate, and why?