Slashdot Mirror

← Back to Stories (view on slashdot.org)

Licensing Commercial Source Code?

Posted by ryuzaki0 on from the drifting-in-the-wind dept.

toughguy asks: "I'm the principal in a software startup that develops web apps for a relatively small market. We typically run our software for our customers in hosted environment (kinda like SalesForce.com). We've got some large potential customers who are more sophisticated and would run our application in-house. They'd also like to be able to do more customization using their internal development staff. This customization would require us to give them our source code. This, frankly, gives me the willies. The source code for our application represents millions of dollars of invested time and energy. At this point, we're not interested in open-sourcing the whole thing. I'm interested in knowing how other people have handled similar situations. What protections did you have in place? A good lawyer is a must. A good contract with the customer that makes it clear what they can and can't do with the code. How have you handled similar situations?" "From a technological stand-point we'd considering watermarking the code in some form for each customer, but this has problems in that if the customer makes significant changes then the watermark may be illegible. We're also considering some sort of Encrypted key scheme that would tie the software to a particular server or something like that. I'd be interested in knowing what other protections you may have used in the past.

If you've been in a similar situation in the past can you share your story with how things worked out. Horror stories are appreciated as well as the 'happily-ever-after' types."

4 of 52 comments (clear)

  1. This is quite feasible by Ckwop · · Score: 5, Informative
    From a technological stand-point we'd considering watermarking the code in some form for each customer, but this has problems in that if the customer makes significant changes then the watermark may be illegible. We're also considering some sort of Encrypted key scheme that would tie the software to a particular server or something like that. I'd be interested in knowing what other protections you may have used in the past.

    Actually, it does not. You see a good watermark scheme relies extensively on error correcting codes; that is, if they mangle one of your bits you've got enough redundancy to reconstruct your watermark. You don't actually need to hide that many bits in the source to get this watermark in. You should at most require 20 bits; this would give you around a million watermarks. This should give you plenty of scope to hide your watermark.

    Compilers ignore whitespace which means you should focus on introducing changes in to the white space. It's also a good idea to change some of the program code aswell. One of the top of the head that might be useful is to expand the ternary operators out in to if statements.

    Unfortuantely, all the methods that come to mind seem to depend on the secrecy of the stego method which is bad design. There is probably a way to do this is secure even when the stego algorithm is known. I'd go and hunt through the literature.

    Combined with a decent license, this stego can help you protect your copyright.

    Simon

  2. Talk to Larry McVoy by jthill · · Score: 2, Informative

    Bitkeeper.com

    He's been doing almost exactly that for years.

    --
    As always, all IMO. Insert "I think" everywhere grammatically possible.
  3. Re:Trust your customer by Aadain2001 · · Score: 3, Informative
    How about just trusting your customer?

    Ok, I'll give you $5 to for a copy of your house keys. You can trust me, after all, I'm paying you therefore I'm your customer and you can trust me :)

    Most people can be trusted to do the right thing. It's the one or two people who would exploit an opportunity that you have to watch out for. Maybe they want to take his code, make a bunch of modifications, and then somehow claim that because of all their work they don't own anything to the originating company. After all, if you rewrote 90% of the code, there isn't much left that isn' your's (ya right). Watch, there is some lawyer out there just chomping at the bit to fight a case like that.

    To the OP, get a damn good IP lawyer. Ask around in the game industry because they license our their graphics engines all the time and have for a while. They would have experience with this.

    --
    Space for rent, inquire within
  4. Don't do that if you can avoid it by Anonymous Coward · · Score: 1, Informative

    Been there. The customer wanted the source code, for validation, customization, and because they were afraid we would disapear overnight.

    Solution:
    1/ Offered them to come on site to look at the code as much as they wanted. They came, but just looked at a tiny bit
    2/ Built API in the code, so they could customize it by writing additional DLLs
    3/ Put the code in escrow, so they can get it (with the build system) if we had anything

    At the end, it always ended up this way. And, retrospectively, point 2/ was a mistake (due to support issues). If the customers want to change something, it is because you product is missing something. You should listen to customers and update the product.

    Now, we have around 20 customers (for a ~200K$ software package), about 3 asked for the source code, none of them had it, and all have escrow agreements.

    The code have no dongles, serial or anything. It is definitely not the kind of software they would copy. We trust our customers. In return I beleive that they trust us.