Slashdot Mirror

← Back to Stories (view on slashdot.org)

How to Deal With Stolen Code?

Posted by ScuttleMonkey on from the delicate-situations dept.

greenrom writes "I work for a small company as a software developer. While investigating a bug in one of our products, I found source code on a website that was nearly identical to code used in our product. Even the comments were the same. It's obvious that a developer at our company found some useful code on the web and copied it. The original author didn't attach any particular license to the code. It's just 200 lines of code the author posted in a forum. Is it legitimate to use source code that's publicly available but doesn't fall under any particular license? If not, what's the best way to deal with this kind of situation? Since I'm now the only person working on this code, there's no practical way to report the situation confidentially. I'm new to the company, and the developer who copied the code is the project lead. Reporting him to management doesn't seem like a good career move. I could rewrite the copied code without reporting him, but since the product is very close to release it would be difficult to make a significant change without providing some justification."

9 of 799 comments (clear)

  1. It's common sense by Fierythrasher · · Score: 5, Insightful

    When I was in grad school for programming my instructor taught us how to search for the code we needed on the web.

    Moreover in my professional career as a programmer I ran into several stumbling blocks where I couldn't figure something out. I'd google for code, or use helper sites like Tek-Tips where people could either correct my code or provide me new code.

    I'm paid for results, not for originality. If people provide code on the web as tutorial purposes or just as a friendly piece of help then I would be going against my job to not use it.

    Moreover, I ask: If you bought a book on, say, ASP and it had sample code that did exactly what you wanted, would you then rewrite that code so it was not what was in the book? Of course you wouldn't!

  2. Dunno; good question. by w3woody · · Score: 5, Insightful

    Generally whenever I post code on an open forum in response to an answer, I assume the code will be used by other people and so I generally treat my own code as if I just put it into the public domain unless I've explicitly said otherwise.

    However, that's not the law. I believe that the code an author publishes on an open forum is copyrighted by the author by default.

    Me; I'd probably drop the guy a brief informal note asking permission to reuse the code and see what he does. More often than not if he's like me he'll probably say "sure, I don't mind."

  3. But how do you know by GIL_Dude · · Score: 5, Insightful

    How do you actually know that this happened? From what you posted it seems just as likely that the author of the code worked for your company and saw some question in a web forum, took some code that was the companies' property (developed on their time and their equipment) and posted it to the web forum to answer someone's question. Do you have any way to be sure that that isn't your own companies' code out there?

  4. Re:Uhhhhh by caerwyn · · Score: 5, Insightful

    Ahh... technically speaking, this could be very bad advice in the business arena. While I'm not a lawyer, AFAIK code is copyrighted at the act of creation, and simply by making it available for viewing the author is not automatically giving up those rights. While it is highly unlikely that such a code snippet would cause problems down the road, it is not impossible that it could.

    Rewriting simply because it was written external to the company isn't a good thing. Rewriting because it was written external to the company and you're not certain of your company's license to legally make use of the code is an *entirely* different thing.

    The author not attaching a particular license to the code is not a blanket license to do with as you will. The author may have intended that, but I don't believe it's true in the legal sense.

    It might make more sense to go as you're suggesting, but given the mess that is current copyright law, a business ought to tread more carefully.

    --
    The ringing of the division bell has begun... -PF
  5. Re:Uhhhhh by morgan_greywolf · · Score: 5, Insightful

    Um, no. If you want to be technical, if there's no license attached to the code, then you can't use it. Copyright happens on an original work from the time it's published. There are no notice requirements. Without a license, you don't have permission to use the work.

    Now, in reality, the author posted it to a forum, probably with the intention of giving away the code. It would be entirely up to the author to sue and whether the author would sue or not -- well, I kinda doubt it.

    But, if I were you, OP, I'd check with your company's legal department and/or an attorney. Asking questions like this on Slashdot is likely to result in you getting a lot of misinformation.

    --
    My blog
  6. Re:Uhhhhh by TheWanderingHermit · · Score: 5, Insightful

    I'd also consider the possibility that you don't know the whole story. I found a version of some well known C code for Java and wanted to be sure, before I included it in a FOSS project, that even though it's based on a mathematical algorithm and that the code for that function in other languages has been published in many FOSS programs, that I could include the code in a FOSS project. In the long run, I tracked it down through several people and basically nobody cared what it was included in and I don't think anyone even wanted to bother to license it. In the long run I kept all the emails and notified the project owner. We did make mention of it in the comments, but didn't feel it appropriate to include any guess at licensing info.

    It's possible the project head already has permission to use it or may even know the programmer who posted the code to the forum. There could be any number of legit reasons why nothing was said about it in the code comments. It's even possible that post was made my the project leader under a different name.

    To me, this sounds like the OP is a quite young programmer who is looking for a chance to lead a moral crusade rather than get the job done. In my experience I avoid taking on employees like that because they seem more focused on making sure everyone else follows their ethics than in doing a good job on the task at hand.

  7. Re:Uhhhhh by king-manic · · Score: 5, Insightful

    To me, this sounds like the OP is a quite young programmer who is looking for a chance to lead a moral crusade rather than get the job done. In my experience I avoid taking on employees like that because they seem more focused on making sure everyone else follows their ethics than in doing a good job on the task at hand. Or he's a young programmer who is afraid he's the scapegoat.
    --
    "There are more things in heaven and earth, Horatio, than are dreamt of in your philosophy."
  8. You already know the answer by Weaselmancer · · Score: 5, Insightful

    I'm new to the company, and the developer who copied the code is the project lead.

    You married? Got any kids? A mortgage?

    If the answer to any of the above is yes, then shut the hell up about it and get on with your day.

    If the answer to all of the above is no and you're in the mood for an ethics experiment - mention it to someone. Have your resume ready first. You're about to learn what the business world is really like.

    --
    Weaselmancer
    rediculous.
  9. Re:Uhhhhh by HiThere · · Score: 5, Insightful

    I believe that you are a lawyer.

    Your advice is, indeed, a legal way to proceed. It is also impossible for the poster. That's not one of his choices.

    Were I him, I would not admit to having noticed anything. Possibly, depending on personality factors, I might get into a discussion with the other code about copyrights, laws, and ethics, but I would be very careful to not admit having noticed that he might have done anything improper.

    You are talking here of a new hire. The low man on the totem pole. And this is a case where the proprietaries aren't entirely clear. (E.g., this person should definitely not attempt to acquire a commercial license, as he wouldn't have the right to comit his company to anything.)

    FWIW, I consider there to be a fair chance that the example is from a standard text on algorithms. I certainly have no proof that this is true, but it might well be. If so, the PURPOSE of the book was to share how to do various things, say Shell sorts. (Probably not, as that's now commonly built into languages.)

    That which you are suggesting is probably something that even the lead programmer wouldn't be able to get the department to do. Yes, it's the legal approach. And it's total impracticality is a small part of what's wrong with the legal approach, and why essentially nobody uses it.

    Personally, my favored way of avoiding this problem is to use GPL software...but it doesn't totally get around the problems that the legal approach has saddled us with. We weren't told what license the issued product would be under, and it might BE under GPL. This wouldn't solve any of the problems in this case...this case where there shouldn't BE any problems.

    Text published in a public forum without an attached license should BE public domain, with all liability resting on the person or entity who published it. (I'll grant that this would make the GPL a lot more like the BSD license, but in an ideal world those two would be identical in effect. It's the imperfections that cause me to adhere to the GPL.)

    --

    I think we've pushed this "anyone can grow up to be president" thing too far.