Foundstone Shoe On Other Foot

Cimmer writes "One of the premier hack shops (to pun or not to pun) gets busted for unethically ethically hacking. After filing a lawsuit against former employee JD Glaser for supposedly jacking company source code, Foundstone gets nailed for massive internal software piracy. Tonight's entree: Foot in Mouth."

Corporate piracy is evil

[Graspee_Leemoor]

Corporations who use one legal copy of software to install on all their company machines are doing damage to open-source.

Think about it: If it were impossible for them to just rip-off Windows, Outlook, Office, Ultraedit etc. they would use Linux, Evolution, OpenOffice, Scite/emacs/vi/whatever, since they obviously don't want to spend any money on software.

graspee

Re:Corporate piracy is evil

[Graspee_Leemoor]

"A security company researching vulnerabilities must have at their disposal a huge quantity of software."

Which they can buy with the huge quantity of money they get from clients.

"...it does not surprise me that such a company would commit copyright infringement in order to get some piece of software they will only use for a short time while testing something."

If they are testing it for a client they can factor the price of the software into the price they charge the client. If they are just researching it to advance the state of knowledge in the company then they can buy it from company funds.

"After all how many amateur bug finders have the bucks to properly license all of the software they test"

These are not amateur bug finders though, they are a "professional" company.

The bottom line is that nearly every business will do everything they can to maximise PROFIT, even if it means limiting the ability of other people to do the same.

Remember the 169th rule of acquisition:

"Competition and fair play are mutually exclusive.".

graspee

Winzip

How many of you run Winzip without a valid license?

Re:Winzip

[jpetts]

but I'm a rabid RAR zealot :^)

Rar! Rar! Rar!

Re:A Credibility Nightmare

You're a moren.

I don't

[Eyston]

This copy of WinXP Pro I found on the net does it automatically, so there!

-Eyston

There are always two sides to every story kids...

Found this on Foundstone.com:
FS Responds to Fortune

To our valued customers, partners, vendors and future customers,
The current issue of Fortune Magazine contains a lengthy article about Foundstone that significantly misrepresents the way we do business, and wrongly states that Foundstone does not respect intellectual property rights. I am writing to tell you some key facts surrounding this matter, and to correct some of the irresponsible misrepresentations and factual errors in the Fortune story.

Foundstone rigorously defends its commitment to protect intellectual property rights, and the intellectual property rights of other software makers. To demonstrate Foundstone's commitment to protecting the commercial use of other software, an independent, 3rd party audit was completed on May 2 (more than a month prior to this article). According to Harvey Liss, President of VLSystems, which conducted the independent audit, "The vast majority of the software applications running on the 510 active Foundstone systems were properly licensed. Including operating systems and applications, several hundred software programs are in current use by Foundstone and over 95% were identified as properly licensed. In our experience, having performed numerous software licensing audits, this is among the higher rates for pre-audit compliance." We recognize that for a company whose very foundations are built on protecting intellectual property, anything less than complete compliance is not acceptable. Our aggressive growth is not an excuse for non-compliance. We've taken the necessary steps to identify non-compliance and have immediately applied corrective action through new policies, procedures and education.

The sources and recent timing of these defamatory statements about Foundstone to Fortune Magazine is not a coincidence. Unfortunately, Foundstone was forced to file a lawsuit against NT Objectives, Inc. because of the misappropriation of trade secrets and our unsuccessful attempts in obtaining key information and a reasonable level of cooperation from NTO. Foundstone recently received some favorable rulings in arbitration that would allow Foundstone full discovery rights to review NTO's code. From the very beginning, NTO has vehemently objected to full discovery, even though they proclaim innocence. This Fortune article is a deliberate attempt to shift focus away from the facts of the case and divert attention to rumor, innuendo, and misinformation.

Our loyal customers and market standing speak for themselves. While macro economic factors are negatively impacting other high-tech firms, Foundstone continues to buck the trend with impressive revenue growth, employee growth (Foundstoneâ(TM)s attrition rate is below the industry average), expanded product offerings, and solid financial stability. Foundstone respects the interests of our partners, vendors and associates, and will continue to deliver the highest quality products and services to meet the needs of current and new customers.

If you have any questions about this article, I invite you to call me or Stuart McClure and weâ(TM)d be happy to give you the facts.

Re:winzip license

[IvyMike]

• Anti-piracy method 1: Spend a lot of time and effort trying to keep ahead of the serial# spreaders and/or crackers, yet still fail pretty miserably, as every other program out there does. Only the honest people actually pay.
• Anti-piracy method 2: Sit back, drink a beer, don't give a rat's ass, and the honest people still pay.

Personally, I think WinZip's got the right idea.

On fear.

[mindstrm]

Partly, it's the way people act that causes fear.

I guarantee if someone that good acts very professionaly, doens't brag about what they do, and keeps a low profile with regard to their skills, they won't have problems. If you present yourself as a rogue living on the edge, people will not trust you.

An employer will not fire you JUST because you know how to pick a lock, but the fact that you constantly talk about what locks you picked might scare him a little.

Bad for the industry, not just slashdot

[akad0nric0]

This does not bode well for the industry as a whole. Think about how many companies share Foundstone's silhouette - young company, killer app, grows fast from nothing - like netForensics, ISS, et. al.

In my experience as a security analyst, the industry is chock full 'o great products that large companies hesitate to invest in because they're not IBM, Symantec, or the like. Giving 6 digits of cash to a company that could concievably go under in a year is a hard sell on my boss's boss (who signs the contracts) - and with good reason. As a result, we're left with awesome support for products that aren't always the best (IBM), or worse yet, crappy products with no support from a big company (CA).

By doing this, Foundstone has hurt a good chunk of the industry holding some great products, and by association (albeit to a lesser extent) hurt end-users of security apps like me.

They tried to violate the GPL too

[nicholasharbour]

This company had tried to market a ext2fs undelete tool to the computer forensics market. I looked through the binary and found several references to lib ext2 (they left all debugging symbols in so I could see exactly what files they had compiled and linked). the ext2 library is GPL and not LGPL so therefore their program should have been GPL. When we told them about it, they just wrote back and basically said "we arent violating anything". a short while later the tool disappeared from the market. Food for thought.