
How to Deal With Stolen Code?

Posted by ScuttleMonkey
from the delicate-situations dept.
greenrom writes "I work for a small company as a software developer. While investigating a bug in one of our products, I found source code on a website that was nearly identical to code used in our product. Even the comments were the same. It's obvious that a developer at our company found some useful code on the web and copied it. The original author didn't attach any particular license to the code. It's just 200 lines of code the author posted in a forum. Is it legitimate to use source code that's publicly available but doesn't fall under any particular license? If not, what's the best way to deal with this kind of situation? Since I'm now the only person working on this code, there's no practical way to report the situation confidentially. I'm new to the company, and the developer who copied the code is the project lead. Reporting him to management doesn't seem like a good career move. I could rewrite the copied code without reporting him, but since the product is very close to release it would be difficult to make a significant change without providing some justification."

  • I can help (Score:5, Funny)

    by Anonymous Coward on Wednesday November 28, 2007 @03:43PM (#21508491)
    I'm a lawyer. Please contact me about suing some people for lots of money.
  • Well... (Score:5, Informative)

    by Anonymous Coward on Wednesday November 28, 2007 @03:44PM (#21508519)
    No license == normal copyright rules apply. You can't do anything with it unless the author gives you permission (licenses do this). What you need to do is either 1) Replace the offending code or 2) Contact the author and find out what the terms on the code are / negotiate a deal.
    • by davidwr (791652) on Wednesday November 28, 2007 @03:57PM (#21508763) Homepage Journal
      To the original poster:

      If your company wants to be completely honest and above-board and legal, it must ask if it's okay to use the code. If the author says no or demand$ too much, you must not use it.

      Unless you are fortunate enough to get a fast "sure, go ahead and use it" you will miss your deadline. Sometimes a little cash - maybe as little as the amount of man-hours it would take you to rewrite and test it - will be enough to expedite getting permission.

      By the way, for all you know, the tech lead did ask permission, or the tech lead knows the code has already been dedicated to the public domain.

      If it were me, I'd talk to the tech lead. If the tech lead doesn't have permission already and isn't willing to go to management and do The Right Thing (TM), I'd start circulating your resume and talk to management about it. When you do talk to management, present them with options that are likely to 1) be acceptable to management and 2) get the product out the door as soon as possible.

      • Re: (Score:3, Insightful)

        by arminw (717974)
        ......Unless you are fortunate enough to get a fast "sure, go ahead and use it" you will miss your deadline..........

        Unless you are fortunate enough to figure out who REALLY wrote that code in the first place...... You might have the 10,000th copy of it and no idea whom to ask for permission.
  • It's common sense (Score:5, Insightful)

    by Fierythrasher (777913) on Wednesday November 28, 2007 @03:45PM (#21508539) Homepage
    When I was in grad school for programming my instructor taught us how to search for the code we needed on the web.

    Moreover in my professional career as a programmer I ran into several stumbling blocks where I couldn't figure something out. I'd google for code, or use helper sites like Tek-Tips where people could either correct my code or provide me new code.

    I'm paid for results, not for originality. If people provide code on the web as tutorial purposes or just as a friendly piece of help then I would be going against my job to not use it.

    Moreover, I ask: If you bought a book on, say, ASP and it had sample code that did exactly what you wanted, would you then rewrite that code so it was not what was in the book? Of course you wouldn't!

    • by Merk (25521) on Wednesday November 28, 2007 @04:14PM (#21509031) Homepage

      If you buy a book on ASP, generally the sample code in there has a license that allows everybody (or at least people who bought the book) to use the code in any way they want. The same can't be said for virtually any code you find out on the web. The default for any new work is for it to be copyrighted and with no license. Unless your use of the copyrighted material falls under Fair Use, you're not allowed to use it; copying the entirety of a code snippet for use in a commercial application is not Fair Use.

      You'll probably never get in trouble for doing this, because probably most people (90%+) would say their posts are in the public domain if asked about it -- but until you've asked them, you have to assume that it's "look but don't touch".

    • Re:It's common sense (Score:4, Informative)

      by Se7enLC (714730) on Wednesday November 28, 2007 @04:48PM (#21509531) Homepage Journal
      Just because you bought a book that came with sample code doesn't mean you are allowed to use it:

      Numerical Recipes [nr.com] (in C, C++, etc), has a restrictive license [nr.com] that only allows you to use the code for personal non-commercial uses. There doesn't seem to be any provision for using those samples in commercial products.
  • Small potatoes (Score:4, Insightful)

    by crunzh (1082841) on Wednesday November 28, 2007 @03:46PM (#21508547) Homepage
    If the author doesn't attach any license and it's "just" some code from a forum posting I don't see a problem with it. I have several times posted code samples in forums to help people, I would not mind that they were used in someone's commercial program, if I minded I would have attached some form of license. If it's posted on a forum to help somebody, the poster must know that it will be used.
  • by w3woody (44457) on Wednesday November 28, 2007 @03:46PM (#21508553) Homepage
    Generally whenever I post code on an open forum in response to an answer, I assume the code will be used by other people and so I generally treat my own code as if I just put it into the public domain unless I've explicitly said otherwise.

    However, that's not the law. I believe that the code an author publishes on an open forum is copyrighted by the author by default.

    Me; I'd probably drop the guy a brief informal note asking permission to reuse the code and see what he does. More often than not if he's like me he'll probably say "sure, I don't mind."
  • by GIL_Dude (850471) on Wednesday November 28, 2007 @03:47PM (#21508559) Homepage
    How do you actually know that this happened? From what you posted it seems just as likely that the author of the code worked for your company and saw some question in a web forum, took some code that was the company's property (developed on their time and their equipment) and posted it to the web forum to answer someone's question. Do you have any way to be sure that that isn't your own company's code out there?
  • Spilling the beans (Score:4, Informative)

    by OctoberSky (888619) on Wednesday November 28, 2007 @03:48PM (#21508579)
    If you really want to spill the beans on this guy and get people to notice that he "stole" the code, then play stupid and show the forum to your boss and say "Look this guy took our code and posted it on this website." They will put one and one together and see that it was your office that actually copied it. Then it's in their hands and you were attempting to protect the company.

    Don't worry about the fact that the forum post was 4 months before you guys even started work on your project. In your haste to protect your company's IP you didn't realize you were the ones doing the copying.
    • by syousef (465911) on Wednesday November 28, 2007 @04:28PM (#21509241) Journal
      Don't worry about the fact that the forum post was 4 months before you guys even started work on your project. In your haste to protect your company's IP you didn't realize you were the ones doing the copying.

      Then you take a hit for looking incompetent. No one in their right mind wants to trust mission critical stuff to a guy that's proven they're sloppy. Playing "stupid" as you put it makes you look stupid. Plus it's gutless. Think about this: Who wants to promote someone that's gutless and stupid? No. With this kind of thing you either decide to front up with what you've found (and be discreet about it) or discuss it with no one (much less post on /.)

      Also if you approach the company don't jump to any conclusions. Just present the facts. For all you know someone at your company asked permission from the author (and though unlikely since there was no attribution, you shouldn't presume the coder's guilt). If you're using a code repository correctly it shouldn't be hard to track down the developer that wrote the code and enquire about it. Make sure you report the problem to the correct person if your company has formal reporting guidelines, but do so informally if possible at first. How things proceed from there is up to your company as laid out by their policies.

      I'm guessing that if you're asking on /. you don't feel compelled to become a whistleblower and sacrifice your career, but if you report up the chain a couple of levels and they do nothing you have to decide if it's worth doing just that. You have to pick your battles and live with the consequences of what decisions you make.

      If the code's easy to replace (and most 200 line snippets posted on a forum are), there shouldn't be an issue getting someone to write the replacement without seeing the original, the work to do so is not a huge liability to the company. However if your company has publicly released the code in one of their products it could be a much bigger issue because it potentially exposes the company to liability.
  • Don't sweat it (Score:5, Insightful)

    by GlobalEcho (26240) on Wednesday November 28, 2007 @03:49PM (#21508597)
    Don't sweat it. When I post code in a forum, I generally do so with the hope that other folks will find it useful, and the expectation that, if they do find it useful, they'll go ahead and copy it. If I want to make something available with a license and everything, I'll either put it on Sourceforge, or post a license in the comments. It's a safe bet the original author feels the same way.

    Legally, it's not necessarily safe to copy long snippets from forums, but from practical and social points of view, I think this is much ado about nothing.
  • Use it (Score:5, Insightful)

    by fhic (214533) on Wednesday November 28, 2007 @03:52PM (#21508659)
    I do this all the time. My feeling is that code snippets posted in a public forum are meant to be used by others unless it says not to. Yes, I recognize that this is at least theoretically contrary to US copyright laws. But if you don't want someone to use it, why post it? To show your brilliant code?

    Since this specific case apparently bothers you, I think you should try to contact the author through some back-channel and get an explicit okay to use it. But I bet more than likely your request will be ignored or you'll get a "why the fsck are you asking such a dumb thing?" That's generally how I reply when someone asks me about code I've posted.
  • by BMonger (68213) on Wednesday November 28, 2007 @03:53PM (#21508673)
    Usually if it's a complicated section of code I'll include the URL in a comment above. If it's just a line or two I won't. Often times if it's from a forum I stay with that forum for a few weeks and try to contribute back in some way.

    If the code explicitly has a license attached to it I follow that of course. But I've not had to do that yet. I don't pull code from other project bases unless it's a library or such (in which case I follow the license). Only code that is meant to be viewed and used (such as forums/tutorials).
  • by Rob Riggs (6418) on Wednesday November 28, 2007 @03:54PM (#21508697) Homepage Journal
    This just popped up at the bottom of this article's page:

    Immature artists imitate, mature artists steal. -- Lionel Trilling
  • I wouldn't worry. (Score:4, Insightful)

    by jellomizer (103300) * on Wednesday November 28, 2007 @03:55PM (#21508731)
    Technically it is a copyright violation but so is most anything nowadays.

    If the person posted code on a forum then normally they do so expecting people to use it. Hence posting it on a forum. Most forums go like this.

    First Post
    How do I do this?

    There is a reply
    Try this code.

    They usually reply with two options
    Sorry it didn't work or It worked thanks.

    You are probably just out of college where even looking at someone else's code is considered a great moral sin against humanity, where just the thought of this could bar you away from higher education forcing you to live your life without being able to obtain a higher degree. In business if it works they use it even if it is a copy and paste. If it was something more problematic like say using the source from another company's code who had a strong license on it... Or using GPL code for non GPL reasons then there would be some concern. But for posting giving help to some one who wants to know how to do something it is basically a non-issue.
  • Quick Points (Score:5, Informative)

    by cleetus (123553) on Wednesday November 28, 2007 @04:00PM (#21508825) Homepage
    IAALBTINLA (I am a lawyer but this is *not* legal advice)

    1. The original writer owns the copyright to the code.
    2. By posting it to the BB, he might have agreed to license it under whatever terms by which the board operates. This might mean you have some license to use it (either implied or actual).
    3. The code copied by the developer might not be enough of the work as a whole to be considered infringement.
    4. One test for determining whether computer code infringes copyright, in the USA at least, is the classic, yet ambiguous "abstraction, filtration, comparison" test. (If the copying was complete with comments, then that's not so good for the copier, but if the code accomplishes a trivial function, then not so much.)
    5. Speaking generally, it's important to be on the lookout for situations like this. For instance, if code is copied from an open-source project, then significant consequences can follow (c.f. the Asus story below this one.)
    6. If you are concerned, talk with your company's legal counsel.

  • Hmm, Let's see... (Score:5, Insightful)

    by aminorex (141494) on Wednesday November 28, 2007 @04:05PM (#21508903) Homepage Journal
    Gee, it's a dilemma: You could (1) talk to the guy about it, or (2) wave it over the global press under a pseudonym pretending that no one will guess who you are.

    Let me think about this for a minute...
  • IANAL (Score:5, Funny)

    by Greyfox (87712) on Wednesday November 28, 2007 @04:07PM (#21508923) Homepage Journal
    But I bet your company has one. Wait, I'm getting an idea... yes... yes... no, lost it. I'm sure it would have been the best legal advice ever posted on Slashdot, though...
  • Use your head. (Score:5, Insightful)

    by SatanicPuppy (611928) * <Satanicpuppy@ g m a i l . c om> on Wednesday November 28, 2007 @04:10PM (#21508979) Journal
    Just for me personally, if I put some code I wrote out in a forum, I expect someone to use it other than myself. Someone asks a question, I throw out a chunk of code, we're done. I don't care where it ends up. Likewise if I find an example that someone has put on the web when I was searching for something to do that exact thing, I'll grab it and adapt it to my use on the principle that that's what it's there for.

    Forums can be kind of a greyer area. I once had a guy who was maintaining a system I wrote put a decent chunk of my code in a forum; source code, mind you, not just a script. It was a whole program, and while I never sold that particular piece to do anything by itself, it was a part of a product I did make a decent bit of money on, and a pretty clear-cut breach of my IP for some joker to just post it (they'd signed a contract dealing with redistribution, so it was in writing).

    I called them, they apologized, disciplined the guy, and hired me to do the change he'd been trying to do (he'd posted the code trying to get someone to tell him what it did), and paid me at a higher rate. I let it slide because it wasn't a big deal (non-critical code), and they dealt with it to my satisfaction.

    If, at some later date, I'd found that code verbatim in someone else's system, I might have mentioned it to them, as an aside, but I wouldn't have tried to claim damages or make them remove it. At that point it is WAY too difficult to trace provenance, and hard to prove any sort of knowing violation. It had been released, I'd taken it up from the people who released it, it was done.

    In short: If someone releases code with no license attached and you use it and it turns out later it was licensed you're going to have to deal with the consequences of that. If it turns out it wasn't licensed (or was BSD licensed) you're in the clear, even if it was a case like mine where the code was released by a party that wasn't authorized to release it.

    The internet is a nice tool to keep from re-inventing the wheel, but if you take anything more than a little subroutine, you better know what rights you have with regards to it because it can seriously bite you in the ass.
  • by starseeker (141897) on Wednesday November 28, 2007 @04:13PM (#21509025) Homepage
    Not specific to this situation, but there almost certainly has to be a practical limit to how much code you need before something is under copyright.  For example, the single line

    (+ 1 1)

    could not be reasonably subject to copyright (IMHO, IANAL, etc.)  IIRC there is some rule about originality that this would not satisfy.  OK, what about:

    ;Code to print out "hello world"
    (defun hello-world () (format t "hello world"))

    Exceedingly simple, entirely trivial, and arguably not creative or original, but more gray than the first example.

    What about:

    ;Code to add two numbers and multiply by a third number
    (defun calc-with-three-numbers (a b c) (* (+ a b) c))

    Still trivial, but you get the idea - at what point do we cross the line into copyrightable material?

    Also, let's assume (for the sake of argument) the last example above is copyrightable.  If someone else independently working on the same problem does:

    ;(x+y)*z
    (defun f1 (x y z) (* (+ x y) z))

    Would that constitute a copyright violation of the above formula? They do precisely the same thing using exactly the same algorithm, but look very different.  Is the second in violation of copyright of the first?

    In practice, some problems have an "optimal" solution that most skilled programmers will eventually converge on (if they are good at their jobs).  To my mind this might end with comments being (sometimes) copyrightable and code being defined as a mathematical algorithm, which (IMHO) is much closer to the true situation.  But I don't know what the legal definitions are for this issue - anybody know if Groklaw has dug up any related material?
  • by Weaselmancer (533834) on Wednesday November 28, 2007 @04:20PM (#21509119)

    I'm new to the company, and the developer who copied the code is the project lead.

    You married? Got any kids? A mortgage?

    If the answer to any of the above is yes, then shut the hell up about it and get on with your day.

    If the answer to all of the above is no and you're in the mood for an ethics experiment - mention it to someone. Have your resume ready first. You're about to learn what the business world is really like.

    • by petes_PoV (912422) on Wednesday November 28, 2007 @04:48PM (#21509535)
      You're about to learn what the business world is really like.

      Or, depending on how the project lead is viewed in the company, this could be the fastest promotion you'll ever get.

      Before you talk to anyone about this, do some discreet research about who might be sympathetic to your situation, who the lead's enemies are and think about just how much politics you want to get involved in.

    • by slothman32 (629113) * <pjackso5&rochester,rr,com> on Wednesday November 28, 2007 @05:36PM (#21510223) Homepage Journal
      No; you should always do ethical dilemmas.
      I once read a comment on /. about someone saying their contract to their family was more important than that of the company they worked for.
      I don't know the exact extent of the problem here but that would mean that anybody with a family could do unethical, maybe even illegal, things and use the excuse, "I have to do it to support my family." "They won't survive if I don't do the bad things my companies want because a McJob won't cut it."

      The business world probably is like that. That doesn't mean you should be.

      I wonder if this is a cognitive dissonance.
      Ethical job and family support are both needed but can't be at the same time.
      The remedy is to make one more important than the other.
      The other then doesn't exist in this comparison.
  • by merreborn (853723) on Wednesday November 28, 2007 @04:36PM (#21509351) Journal

    Since I'm now the only person working on this code, there's no practical way to report the situation confidentially. I'm new to the company, and the developer who copied the code is the project lead. Reporting him to management doesn't seem like a good career move. I could rewrite the copied code without reporting him, but since the product is very close to release it would be difficult to make a significant change without providing some justification


    Hopefully you're working for a decent guy, and you can just say "Hey, dude, I was researching this bug, and in the process, found this code on this forum. You think we should be worried about copyright issues?"

    He may, like several slashdotters in this thread, be completely unaware of the fact that code is automatically copyrighted in the US.
    He may have been aware, but just lazy, and say "Yeah, we should do something about that".
    He may say "Who cares? No one will ever find out!". In that case, *then* you may consider going over his head and raising the issue with his superiors.

    If he's a decent guy at all, he'll appreciate your coming to him politely with your concerns. But even if he's the type of vindictive halfwit likely to take offense at your discovery, he'd probably be hard pressed to come up with an excuse for taking action against you. And really, if you're working for someone like that, you should strongly consider looking for a new position elsewhere.
  • by edwardpickman (965122) on Wednesday November 28, 2007 @04:38PM (#21509381)
    So Vista Service Pack 1 is about ready for release?
  • by dFaust (546790) on Wednesday November 28, 2007 @04:48PM (#21509539)

    So let's be honest, this is a pretty common occurrence. Often times when people post code online in a forum, it's expected by the author that people will lift the code... in fact, that's why it's being posted to the forum! I understand that without an explicit license or authorization from the original author that this is not legal... good, fine, whatever - not trying to debate the legalities of it.

    What bothers me here is that the original poster seems to be implying some act of malice on the part of his co-worker. Now, I don't know the full details of the situation, maybe there are valid reasons why he would feel that way. But he didn't even hint at that in his question to Slashdot but does mention his inclination to report him to management. Really?? I mean... REALLY??? Could this not be an honest mistake stemming from a misunderstanding of the law? Perhaps the co-worker had private exchanges with the code author regarding using the code. Should portraying your co-worker as a criminal to management really even be considered as your first course of action?

    I'll let others give their suggestions on how to deal with the situation, but the way the co-worker was portrayed here just rubbed me wrong. I've seen this same thing plenty of times, and it's never been anything but an innocent mistake... both on the part of the person copying and the person posting the code, because in my personal experiences the poster's intent was to make the code freely available but lacking knowledge of copyright law prevented them from expressly stating so in the forum. I'm guessing there's a good chance it can be resolved fairly easily without pissing anyone off or getting anyone fired.

  • by mlwmohawk (801821) on Wednesday November 28, 2007 @05:52PM (#21510413)
    If the original author posted the code to a forum as an example, without disclaiming any assumed or implied rights, then you are free to use it. The mere act of publicly posting the example is clearly an act that grants permission to use, however, you should look at the forum copyright policy as that may have further limitations.
  • by SwashbucklingCowboy (727629) on Wednesday November 28, 2007 @06:01PM (#21510549)

    There is a question of provenance of the code. Just because you found it on some web site doesn't mean THEY didn't copy it from somewhere else and remove the copyright notices - it happens. It's also possible that both got it from a public domain source (there isn't that much code in the public domain, but there is some). However, I strongly suggest you report it to your superiors within the company. If they decide not to do anything about it then don't worry.

    Copyright infringement is one of those things where ignorance is not bliss. The longer it goes on, the higher your company's potential liability.

  • Summary (Score:4, Interesting)

    by Jherico (39763) <bdavis AT saintandreas DOT org> on Wednesday November 28, 2007 @06:25PM (#21510823) Homepage
    Based on the replies to this, there appear to be three basic camps of thinking, which can be summarized by the extremes.

    Camp A people would fire someone for taking the time to worry about this because it happens all the time and you're never going to get caught, and the original author of the code probably meant it to be public anyway, even though it's illegal.

    Camp B people would fire someone for NOT taking the time to worry about this because it's illegal, regardless of intent of the original author and if it came to light it would expose the company to bad press and possibly litigation.

    Camp C people have no earthly clue how copyright law actually works and are speaking out of their collective asses. Sadly, these people would most likely reason along the same lines as Camp A out of ignorance rather than malice and simply behave the same way with the exception that they don't realize they're breaking the law.

    The original poster can certainly decide what kind of person he is (probably B since he asked the question in the first place) and can probably make a guess about what kind of people his employers are (I'm guessing A, again since he had to ask). Then you have to decide what is more important, your job or your ethics. It is a slippery slope when you first start copying code. I had a friend who copied code once. Now he professionally eats babies. True story.

    The fact is that all the commonsense notions about how copyright law works or should work don't take into account that copyright law is not written by individuals, but largely by companies like Disney and Warner Brothers (among others), companies that have a vested interest in maintaining control over a certain mouse and rabbit (among others), both of whom would now long since be in the public domain if not for the endless [wikipedia.org] succession [wikipedia.org] of copyright extensions lobbied for by said corporations. Originally (well, since 1909) copyright expired after 28 years, or 56 if you decided to renew it. And this was a copyright you had to explicitly register. In 1976, copyright became automatic and consisted of life plus 50 years after the author's death (or a static 75 years for 'work for hire'). In 1998 it became life + 70 and either 120 years after creation, or 95 years after publication, whichever is sooner. It's interesting to note the effect on Mickey Mouse. Created in 1928, MM would have left copyrighted status (though still been covered under trademark restrictions) in 1984. Because of the 1976 act, that was pushed to 2003. The 1998 act pushed that back to 2023 at the earliest. So look for another copyright law in 2018 or so.

  • Regarding legality (Score:4, Informative)

    by Schraegstrichpunkt (931443) on Wednesday November 28, 2007 @08:15PM (#21512199) Homepage
    The question to ask is, "If I were sued by the author of this code for copyright infringement, would I have sufficient evidence to defend myself in court?" If the answer is "no", then you shouldn't be distributing the code.

    IANAL; YMMV.

  • by NullProg (70833) on Wednesday November 28, 2007 @09:22PM (#21512857) Homepage Journal
    While investigating a bug in one of our products, I found source code on a website that was nearly identical to code used in our product.

    Was the bug within the copied code? Sometimes copyright isn't an issue with copied code. It's product quality.

    The three instances of copied code I've found in our commercial product caused major headaches because the code got past QA and failed in the field. It didn't scale, had timing issues, etc.

    In all three cases when I confronted the programmers they could not explain how "their" code worked. In all three cases I didn't have them fired. I made them fix it and apologize to the boss (who had to apologize to our customers).

    As a result, I now have two decent programmers who write their own code. They ask for help when it's needed instead of copying off of the internet.

    Enjoy,
  • context matters (Score:3, Insightful)

    by sentientbrendan (316150) on Wednesday November 28, 2007 @09:55PM (#21513127)
    If code is posted on a forum, whether or not it has a license attached to it may not matter. Many forums used by programmers require that posters give the right to use the example code posted, etc. Please check with the forum's FAQ before panicking.

    You should probably just mention it to him and offer to rewrite it. It would be wise to not act in an accusatory manner when bringing it up. Remember that there are a lot of sources out there that are meant to be used as example code, and that if permission to copy is given it isn't "cheating" to do so.
