Slashdot Mirror

← Back to Stories (view on slashdot.org)

How to Deal With Stolen Code?

Posted by ScuttleMonkey on from the delicate-situations dept.

greenrom writes "I work for a small company as a software developer. While investigating a bug in one of our products, I found source code on a website that was nearly identical to code used in our product. Even the comments were the same. It's obvious that a developer at our company found some useful code on the web and copied it. The original author didn't attach any particular license to the code. It's just 200 lines of code the author posted in a forum. Is it legitimate to use source code that's publicly available but doesn't fall under any particular license? If not, what's the best way to deal with this kind of situation? Since I'm now the only person working on this code, there's no practical way to report the situation confidentially. I'm new to the company, and the developer who copied the code is the project lead. Reporting him to management doesn't seem like a good career move. I could rewrite the copied code without reporting him, but since the product is very close to release it would be difficult to make a significant change without providing some justification."

13 of 799 comments (clear)

  1. Well... by Anonymous Coward · · Score: 5, Informative

    No license == normal copyright rules apply. You can't do anything with it unless the author gives you permission (licenses do this). What you need to do is either 1) Replace the offending code or 2) Contact the author and find out what the terms on the code are / negotiate a deal.

  2. Re:Uhhhhh by show+me+altoids · · Score: 5, Informative

    If the author of the code posted it in a forum, I would personally call that implicit permission to use the code. Otherwise, why even post it? To show off his great coding ability? Every programmer (myself included) does this all the time and I have never heard of "Forum police" going after them. As to the legality of downloading it, if it is showing in your browser window, you have already downloaded it.

    --
    I feel sorry for people that don't drink, because when they get up in the morning, that's as good as they're gonna feel
  3. Spilling the beans by OctoberSky · · Score: 3, Informative

    If you really want to spill the beans on this guy and get people to notice that he "stole" the code, then play stupid and show the forum to your boss and say "Look this guy took our code and posted it on this website" They will put one and one together and see that it was your office that actually copied it. Then it's in their hands and you we attempting to protect the company.

    Don't worry about the fact that the forum post was 4 months before you guys even started work on your project. In your haste to protect your companies IP you didn't realize you were the ones doing the copying.

  4. Re:Due dilligence and move on by Nevo · · Score: 5, Informative
    If there is no copyright claim by the original author then I don't see what the problem is. AFAIK that means it's in the public domain....

    You'd be wrong. (At least in the United States you would.)

    From http://www.copyright.gov/circs/circ1.html: "Copyright protection subsists from the time the work is created in fixed form. The copyright in the work of authorship immediately becomes the property of the author who created the work" and "The use of a copyright notice is no longer required under U.S. law...."

  5. Re:Uhhhhh by Jherico · · Score: 4, Informative
    >> Is it legitimate to use source code that's publicly available but doesn't fall under any particular license?

    >Of course it is. This kind of thing happens all the time.

    This may be completely commonplace, but it is certainly not legal. Simply posting something in a public place does NOT put it in the public domain, and contrary to what many people in this forum are saying, failing to attach a copyright notification to something does NOT place it in the public domain either. Assuming the author posted the information after 1976 and is covered by american law, then the copyright act of 1976 provides for automatic copyright protections, unless there is some notification which explicitly puts it under a license which permits it use.

    The original poster will probably never be called out if he leaves the situation as it stands he is still breaking the law. His options for avoiding this are to either find another copy of the code which is listed under a license, contact the author and ask for a license, or to rewrite the code.

    --

    Jherico

    What can the average user can do to ensure his security? "Nothing, you're screwed"

  6. You could ask politely by davidwr · · Score: 5, Informative

    To the original poster:

    If your company want to be completely honest and above-board and legal, it must ask if it's okay to use the code. If the author says no or demand$ too much, you must not use it.

    Unless you are fortunate enough to get a fast "sure, go ahead and use it" you will miss your deadline. Sometimes a little cash - maybe as little as the amount of man-hours it would take you to rewrite and test it - will be enough to expedite getting permission.

    By the way, for all you know, the tech lead did ask permission, or the tech lead knows the code is already been dedicated to the public domain.

    If it were me, I'd talk to the tech lead. If the tech lead doesn't have permission already and isn't willing to go to management and do The Right Thing (TM), I'd start circulating your resume and talk to management about it. When you do talk to management, present them with options that are likely to 1) be acceptable to management and 2) get the product out the door as soon as possible.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  7. Quick Points by cleetus · · Score: 5, Informative

    IAALBTINLA (I am a lawyer but this is *not* legal advice)

    1. The original write owns the copyright to the code.
    2. By posting it to the BB, he might have agreed to license it under whatever terms by which the board operates. This might mean you have some license to use it (either implied or actual).
    3. The code copied by the developer might not be enough of the work as a whole to considered infringement.
    4. One test for determining whether computer code infringes copyright, in the USA at least, is the classic, yet ambiguous "abstraction, filtration, comparison" test. (If the copying was complete with comments, then that's not so good for the copier, but if the code accomplishes a trivial function, then not so much.)
    5. Speaking generally, it's important to be on the lookout for situations like this. For instance, if code is copied from an open-source project, then significant consequences can follow (c.f. the Asus story below this one.)
    6. If you are concerned, talk with your company's legal counsel.

  8. Re:Uhhhhh by richie2000 · · Score: 4, Informative

    I thought that although a work is automatically copyrighted at creation, the copyright is lost if the author chooses to publish the work without registering the copyright. That is not correct. If you put patents (even own publication can be prior art) and trademarks (needs to be defended, or they can be lost) in a blender, you might wind up with that situation. Copyright? No way. In fact, in most Berne-signatory states, it's more or less impossible to get rid of a copyright completely without first dying and then waiting 70 years. In some countries, even that isn't enough.
    --
    Money for nothing, pix for free
  9. Re:It's common sense by Se7enLC · · Score: 3, Informative

    Just because you bought a book that came with sample code doesn't mean you are allowed to use it:

    Numerical Recipes (in C, C++, etc), has a restrictive license that only allows you to use the code for personal non-commercial uses. There doesn't seem to be any provision for using those samples in commercial products.

  10. Re:It's common sense by samkass · · Score: 5, Informative

    You're saying there's an implicit copyright in every web post, then? So this post I'm typing now, if someone put it in a newsletter, I could then sue them for taking my post which is my copyright?

    Yes! Now you're catching on! There *is* an implicit Copyright (at least in the United States) on *everything*. Unless the author has agreed to some other license, you need to ask their permission to reproduce it in its entirety (or any use that goes beyond "Fair Use"). Some sites have blanket licenses to everything posted on them that implicitly assigns copyrights of all contributions-- Wikipedia, for example. But if the site hasn't made such arrangements, and the author hasn't made such arrangements, and the "borrower" hasn't made such arrangements, Copyright has been violated.

    As for books, some books grant a license for all sample code in the book to be used by the purchaser of the book in any way. Some don't (Numerical Recipies is the most commonly cited example-- it's an entire book of stuff you're not allowed to use. It's a very annoying book that way, needless to say).

    It sounds like you seriously need to learn a little bit about Copyrights before you get yourself and your employer in serious trouble.

    --
    E pluribus unum
  11. Re:Uhhhhh by SQLGuru · · Score: 3, Informative
    Here's the relevant paragraph from here: http://web.sourceforge.com/terms.php

    With respect to text or data entered into and stored by publicly-accessible site features such as forums, comments and bug trackers ("SourceForge Public Content"), the submitting user retains ownership of such SourceForge Public Content; with respect to publicly-available statistical content which is generated by the site to monitor and display content activity, such content is owned by SourceForge. In each such case, the submitting user grants SourceForge the royalty-free, perpetual, irrevocable, non-exclusive, transferable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, perform, and display such Content (in whole or part) worldwide and/or to incorporate it in other works in any form, media, or technology now known or later developed, all subject to the terms of any applicable license.


    Layne

  12. Re:Uhhhhh by msslc3 · · Score: 5, Informative
    I am a lawyer, and while this is not legal advice to anyone I would personally contact the poster and ask to buy a license to reuse the code in a commercial product. Sure you could rewrite the code but the time saved in not having to do that could be worth a reasonable price for a license. If you bought a license you could also ask for proof of authorship and ownership.

    If you instead rewrite the code, you face the possible claim that your new code is a derivative work which is also covered by the original author's copyright. The "cleanroom" approach is sometimes used to avoid this. Have someone who has seen the original code spec the functions, and give the spec but not the original code to a programmer who has never seen the original. Document carefully what you have done and why. If the programmer who writes the code has no access to the original, he can't copy it. Then you only have to worry about software patents -- but that's a separate issue.

  13. Regarding legality by Schraegstrichpunkt · · Score: 3, Informative
    The question to ask is, "If I were sued by the author of this code for copyright infringement, would I have sufficient evidence to defend myself in court?" If the answer is "no", then you shouldn't be distributing the code.

    IANAL; YMMV.

    --
    http://outcampaign.org/