I can't speak for this specific case, but when releasing software to others (open sourcing, licensing, etc.) it's common to run the codebase through something like Black Duck. Everything that comes up as a false positive needs to be checked into and cleared. Everything that's a true positive must have its license read to ensure that any terms of its release are being met.

For software that's been released but doesn't have a clear license (e.g. some "Pull to refresh" implementation on GitHub) it's often necessary to ask the author to sign some form of "no, I really won't sue you" release.

If it's discovered that some license was inadvertently violated (e.g. attribution) then it can be necessary to send a mea culpa to the licensor so they're not incensed if someone points the violation out to them later.

(IANAL, but I have done this dance before).