Slashdot Mirror

← Back to Stories (view on slashdot.org)

How to Deal With Stolen Code?

Posted by ScuttleMonkey on from the delicate-situations dept.

greenrom writes "I work for a small company as a software developer. While investigating a bug in one of our products, I found source code on a website that was nearly identical to code used in our product. Even the comments were the same. It's obvious that a developer at our company found some useful code on the web and copied it. The original author didn't attach any particular license to the code. It's just 200 lines of code the author posted in a forum. Is it legitimate to use source code that's publicly available but doesn't fall under any particular license? If not, what's the best way to deal with this kind of situation? Since I'm now the only person working on this code, there's no practical way to report the situation confidentially. I'm new to the company, and the developer who copied the code is the project lead. Reporting him to management doesn't seem like a good career move. I could rewrite the copied code without reporting him, but since the product is very close to release it would be difficult to make a significant change without providing some justification."

17 of 799 comments (clear)

  1. I can help by Anonymous Coward · · Score: 5, Funny

    I'm a lawyer. Please contact me about suing some people for lots of money.

  2. Well... by Anonymous Coward · · Score: 5, Informative

    No license == normal copyright rules apply. You can't do anything with it unless the author gives you permission (licenses do this). What you need to do is either 1) Replace the offending code or 2) Contact the author and find out what the terms on the code are / negotiate a deal.

  3. It's common sense by Fierythrasher · · Score: 5, Insightful

    When I was in grad school for programming my instructor taught us how to search for the code we needed on the web.

    Moreover in my professional career as a programmer I ran into several stumbling blocks where I couldn't figure something out. I'd google for code, or use helper sites like Tek-Tips where people could either correct my code or provide me new code.

    I'm paid for results, not for originality. If people provide code on the web as tutorial purposes or just as a friendly piece of help then I would be going against my job to not use it.

    Moreover, I ask: If you bought a book on, say, ASP and it had sample code that did exactly what you wanted, would you then rewrite that code so it was not what was in the book? Of course you wouldn't!

    1. Re:It's common sense by samkass · · Score: 5, Informative

      You're saying there's an implicit copyright in every web post, then? So this post I'm typing now, if someone put it in a newsletter, I could then sue them for taking my post which is my copyright?

      Yes! Now you're catching on! There *is* an implicit Copyright (at least in the United States) on *everything*. Unless the author has agreed to some other license, you need to ask their permission to reproduce it in its entirety (or any use that goes beyond "Fair Use"). Some sites have blanket licenses to everything posted on them that implicitly assigns copyrights of all contributions-- Wikipedia, for example. But if the site hasn't made such arrangements, and the author hasn't made such arrangements, and the "borrower" hasn't made such arrangements, Copyright has been violated.

      As for books, some books grant a license for all sample code in the book to be used by the purchaser of the book in any way. Some don't (Numerical Recipies is the most commonly cited example-- it's an entire book of stuff you're not allowed to use. It's a very annoying book that way, needless to say).

      It sounds like you seriously need to learn a little bit about Copyrights before you get yourself and your employer in serious trouble.

      --
      E pluribus unum
  4. Dunno; good question. by w3woody · · Score: 5, Insightful

    Generally whenever I post code on an open forum in response to an answer, I assume the code will be used by other people and so I generally treat my own code as if I just put it into the public domain unless I've explicitly said otherwise.

    However, that's not the law. I believe that the code an author publishes on an open forum is copyrighted by the author by default.

    Me; I'd probably drop the guy a brief informal note asking permission to reuse the code and see what he does. More often than not if he's like me he'll probably say "sure, I don't mind."

  5. But how do you know by GIL_Dude · · Score: 5, Insightful

    How do you actually know that this happened? From what you posted it seems just as likely that the author of the code worked for your company and saw some question in a web forum, took some code that was the companies' property (developed on their time and their equipment) and posted it to the web forum to answer someone's question. Do you have any way to be sure that that isn't your own companies' code out there?

  6. Re:Uhhhhh by show+me+altoids · · Score: 5, Informative

    If the author of the code posted it in a forum, I would personally call that implicit permission to use the code. Otherwise, why even post it? To show off his great coding ability? Every programmer (myself included) does this all the time and I have never heard of "Forum police" going after them. As to the legality of downloading it, if it is showing in your browser window, you have already downloaded it.

    --
    I feel sorry for people that don't drink, because when they get up in the morning, that's as good as they're gonna feel
  7. Re:Due dilligence and move on by Nevo · · Score: 5, Informative
    If there is no copyright claim by the original author then I don't see what the problem is. AFAIK that means it's in the public domain....

    You'd be wrong. (At least in the United States you would.)

    From http://www.copyright.gov/circs/circ1.html: "Copyright protection subsists from the time the work is created in fixed form. The copyright in the work of authorship immediately becomes the property of the author who created the work" and "The use of a copyright notice is no longer required under U.S. law...."

  8. Re:Uhhhhh by caerwyn · · Score: 5, Insightful

    Ahh... technically speaking, this could be very bad advice in the business arena. While I'm not a lawyer, AFAIK code is copyrighted at the act of creation, and simply by making it available for viewing the author is not automatically giving up those rights. While it is highly unlikely that such a code snippet would cause problems down the road, it is not impossible that it could.

    Rewriting simply because it was written external to the company isn't a good thing. Rewriting because it was written external to the company and you're not certain of your company's license to legally make use of the code is an *entirely* different thing.

    The author not attaching a particular license to the code is not a blanket license to do with as you will. The author may have intended that, but I don't believe it's true in the legal sense.

    It might make more sense to go as you're suggesting, but given the mess that is current copyright law, a business ought to tread more carefully.

    --
    The ringing of the division bell has begun... -PF
  9. Re:Uhhhhh by morgan_greywolf · · Score: 5, Insightful

    Um, no. If you want to be technical, if there's no license attached to the code, then you can't use it. Copyright happens on an original work from the time it's published. There are no notice requirements. Without a license, you don't have permission to use the work.

    Now, in reality, the author posted it to a forum, probably with the intention of giving away the code. It would be entirely up to the author to sue and whether the author would sue or not -- well, I kinda doubt it.

    But, if I were you, OP, I'd check with your company's legal department and/or an attorney. Asking questions like this on Slashdot is likely to result in you getting a lot of misinformation.

    --
    My blog
  10. You could ask politely by davidwr · · Score: 5, Informative

    To the original poster:

    If your company want to be completely honest and above-board and legal, it must ask if it's okay to use the code. If the author says no or demand$ too much, you must not use it.

    Unless you are fortunate enough to get a fast "sure, go ahead and use it" you will miss your deadline. Sometimes a little cash - maybe as little as the amount of man-hours it would take you to rewrite and test it - will be enough to expedite getting permission.

    By the way, for all you know, the tech lead did ask permission, or the tech lead knows the code is already been dedicated to the public domain.

    If it were me, I'd talk to the tech lead. If the tech lead doesn't have permission already and isn't willing to go to management and do The Right Thing (TM), I'd start circulating your resume and talk to management about it. When you do talk to management, present them with options that are likely to 1) be acceptable to management and 2) get the product out the door as soon as possible.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  11. Quick Points by cleetus · · Score: 5, Informative

    IAALBTINLA (I am a lawyer but this is *not* legal advice)

    1. The original write owns the copyright to the code.
    2. By posting it to the BB, he might have agreed to license it under whatever terms by which the board operates. This might mean you have some license to use it (either implied or actual).
    3. The code copied by the developer might not be enough of the work as a whole to considered infringement.
    4. One test for determining whether computer code infringes copyright, in the USA at least, is the classic, yet ambiguous "abstraction, filtration, comparison" test. (If the copying was complete with comments, then that's not so good for the copier, but if the code accomplishes a trivial function, then not so much.)
    5. Speaking generally, it's important to be on the lookout for situations like this. For instance, if code is copied from an open-source project, then significant consequences can follow (c.f. the Asus story below this one.)
    6. If you are concerned, talk with your company's legal counsel.

  12. Re:Uhhhhh by TheWanderingHermit · · Score: 5, Insightful

    I'd also consider the possibility that you don't know the whole story. I found a version of some well known C code for Java and wanted to be sure, before I included it in a FOSS project, that even though it's based on a mathematical algorithm and that the code for that function in other languages has been published in many FOSS programs, that I could include the code in a FOSS project. In the long run, I tracked it down through several people and basically nobody cared what it was included in and I don't think anyone even wanted to bother to license it. In the long run I kept all the emails and notified the project owner. We did make mention of it in the comments, but didn't feel it appropriate to include any guess at licensing info.

    It's possible the project head already has permission to use it or may even know the programmer who posted the code to the forum. There could be any number of legit reasons why nothing was said about it in the code comments. It's even possible that post was made my the project leader under a different name.

    To me, this sounds like the OP is a quite young programmer who is looking for a chance to lead a moral crusade rather than get the job done. In my experience I avoid taking on employees like that because they seem more focused on making sure everyone else follows their ethics than in doing a good job on the task at hand.

  13. Re:Uhhhhh by king-manic · · Score: 5, Insightful

    To me, this sounds like the OP is a quite young programmer who is looking for a chance to lead a moral crusade rather than get the job done. In my experience I avoid taking on employees like that because they seem more focused on making sure everyone else follows their ethics than in doing a good job on the task at hand. Or he's a young programmer who is afraid he's the scapegoat.
    --
    "There are more things in heaven and earth, Horatio, than are dreamt of in your philosophy."
  14. You already know the answer by Weaselmancer · · Score: 5, Insightful

    I'm new to the company, and the developer who copied the code is the project lead.

    You married? Got any kids? A mortgage?

    If the answer to any of the above is yes, then shut the hell up about it and get on with your day.

    If the answer to all of the above is no and you're in the mood for an ethics experiment - mention it to someone. Have your resume ready first. You're about to learn what the business world is really like.

    --
    Weaselmancer
    rediculous.
  15. Re:Uhhhhh by msslc3 · · Score: 5, Informative
    I am a lawyer, and while this is not legal advice to anyone I would personally contact the poster and ask to buy a license to reuse the code in a commercial product. Sure you could rewrite the code but the time saved in not having to do that could be worth a reasonable price for a license. If you bought a license you could also ask for proof of authorship and ownership.

    If you instead rewrite the code, you face the possible claim that your new code is a derivative work which is also covered by the original author's copyright. The "cleanroom" approach is sometimes used to avoid this. Have someone who has seen the original code spec the functions, and give the spec but not the original code to a programmer who has never seen the original. Document carefully what you have done and why. If the programmer who writes the code has no access to the original, he can't copy it. Then you only have to worry about software patents -- but that's a separate issue.

  16. Re:Uhhhhh by HiThere · · Score: 5, Insightful

    I believe that you are a lawyer.

    Your advice is, indeed, a legal way to proceed. It is also impossible for the poster. That's not one of his choices.

    Were I him, I would not admit to having noticed anything. Possibly, depending on personality factors, I might get into a discussion with the other code about copyrights, laws, and ethics, but I would be very careful to not admit having noticed that he might have done anything improper.

    You are talking here of a new hire. The low man on the totem pole. And this is a case where the proprietaries aren't entirely clear. (E.g., this person should definitely not attempt to acquire a commercial license, as he wouldn't have the right to comit his company to anything.)

    FWIW, I consider there to be a fair chance that the example is from a standard text on algorithms. I certainly have no proof that this is true, but it might well be. If so, the PURPOSE of the book was to share how to do various things, say Shell sorts. (Probably not, as that's now commonly built into languages.)

    That which you are suggesting is probably something that even the lead programmer wouldn't be able to get the department to do. Yes, it's the legal approach. And it's total impracticality is a small part of what's wrong with the legal approach, and why essentially nobody uses it.

    Personally, my favored way of avoiding this problem is to use GPL software...but it doesn't totally get around the problems that the legal approach has saddled us with. We weren't told what license the issued product would be under, and it might BE under GPL. This wouldn't solve any of the problems in this case...this case where there shouldn't BE any problems.

    Text published in a public forum without an attached license should BE public domain, with all liability resting on the person or entity who published it. (I'll grant that this would make the GPL a lot more like the BSD license, but in an ideal world those two would be identical in effect. It's the imperfections that cause me to adhere to the GPL.)

    --

    I think we've pushed this "anyone can grow up to be president" thing too far.