In a previously supported case of alleged software copyright infringement, the plaintiff brought suit against the defendant for allegedly continuing to use the plaintiff’s copyrighted software source code in the defendant’s products after termination of a license agreement between the parties. Fortunately, automated tools helped experts to quickly and inexpensively detect copying of software source code.
Source Code Comparison
Some of the most powerful tools for doing direct comparisons between a pair of source code sets are from SAFE Corporation. SAFE’s CodeMatch tool works by comparing each file of source code in the first set with every file of code in the second set. Results are presented in a table that is sorted by the relative amount of matching code in the files. Software expert witnesses use tools such as this one to detect copying in which variable and function names and other details were subsequently changed. Through the use of such tools, software experts can even detect code that was copied from one programming language into another.
TIP: To ensure that the comparison of source code is successful, it is strongly recommended that source code for each product related to the case be provided to the experts early in the litigation process.
Other SAFE tools often used by experts to detect other potential methods of copying include BitMatch and SourceDetective. BitMatch can compare a pair of executable binary programs or one party’s source code against another’s executable code. This helps expert witnesses identify strings that appear in both programs. By automatically searching the Internet for hundreds or thousands of matching phrases, SourceDetective helps software experts rule out the scenario where two programs are only similar because both borrowed from a third program.
The Copyleft Dilemma
Sometimes code may be copied from open source software. Open source software is subject to so-called copyleft licenses. Copyleft licenses are a special type of copyright that makes source code open to the public. Copyleft language is drafted to ensure that the source code for certain categories of derived work is also open to the public. This creates problems for companies that wish to keep their source code private but also rely upon open source software.
Fortunately, software experts can detect the presence of part or all of an open source software package within a proprietary program with the help of tools such as those from Black Duck Software and Protecode, both of which have now been acquired by Synopsys. Both tools work similarly. Each company maintains a database of hundreds of thousands of known open source packages against which the case-related source code is tested. Results are presented as a list of open source packages from which code may have been copied.
Good to Know: To ensure that the proprietary source code remains inside a trusted network, this testing can be done entirely on a personal computer running Microsoft Windows.
The Analysis Process for Copyright Infringement
Unfortunately, the precision of CodeMatch is lost in trying to cast such a broad net for potential copying. The tools from Black Duck and Protecode do not actually compare code against each and every one of the millions of source code files in their databases. Instead, files of case-related source code are reduced to simpler representations of their structures. The tools then compute unique mathematical signatures for those new files. Each signature is subsequently compared to a similar representation of the files in their database. As a result, you get lots of false positives. Some open source packages that weren’t actually copied usually turn up in the results list.
When searching for potential copying of open source code, the database from Black Duck or Protecode is searched first. To eliminate false positives, experts then perform a more thorough analysis by obtaining the listed open source packages and using CodeMatch to compare the proprietary code against them file-by-file.
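The two-stage process described above can be sketched as follows. This is an added example, not code from the original article or from any of the tools it names: the k-token hashing in stage 1 and the difflib comparison in stage 2 are simple stand-ins chosen for illustration, and the package names, sample sources and thresholds are constructed assumptions.

```python
import hashlib
import re
from difflib import SequenceMatcher

KEYWORDS = {"int", "void", "for", "return"}          # tiny C subset (assumption)
TOKEN = re.compile(r"[A-Za-z_]\w*|\d+|[^\s\w]")

def tokens(src):
    """Drop C comments and whitespace, keep names and literals."""
    return TOKEN.findall(re.sub(r"/\*.*?\*/|//[^\n]*", "", src, flags=re.S))

def structure(src):
    """Simplified form: every identifier -> ID, every number -> NUM."""
    return [t if t in KEYWORDS or not (t[0].isalnum() or t[0] == "_")
            else ("NUM" if t[0].isdigit() else "ID") for t in tokens(src)]

def signature(src, k=5):
    """Hashes of each k-token window of the simplified form."""
    s = structure(src)
    return {hashlib.sha256(" ".join(s[i:i + k]).encode()).hexdigest()[:16]
            for i in range(len(s) - k + 1)}

def coarse_hits(src, database, threshold=0.5):
    """Stage 1: cheap signature overlap (Jaccard) against every package."""
    sig = signature(src)
    def jaccard(other):
        return len(sig & other) / max(len(sig | other), 1)
    return [n for n, pkg in database.items() if jaccard(signature(pkg)) >= threshold]

def confirm(src, pkg, threshold=0.9):
    """Stage 2: token-by-token comparison with names and literals kept."""
    return SequenceMatcher(None, tokens(src), tokens(pkg)).ratio() >= threshold

def investigate(src, database):
    """Return (stage-1 candidates, candidates that survive stage 2)."""
    candidates = coarse_hits(src, database)
    return candidates, [n for n in candidates if confirm(src, database[n])]

# Constructed sample data: three made-up "packages" and one case file.
DATABASE = {
    "libchecksum": "/* running checksum */\nint checksum(int *buf, int len) {\n"
                   "  int sum = 0;\n  for (int i = 0; i < len; i++) { sum = sum + buf[i]; }\n"
                   "  return sum & 255;\n}\n",
    "libstats": "int total_hits(int *counts, int n) {\n  int acc = 7;\n"
                "  for (int k = 1; k < n; k++) { acc = acc + counts[k]; }\n  return acc & 1023;\n}\n",
    "liblog": "void log_line(char *msg) { puts(msg); }\n",
}
CASE_FILE = ("int checksum(int *buf, int len) { int sum = 0; "
             "for (int i = 0; i < len; i++) { sum = sum + buf[i]; } return sum & 255; }")
```

Calling `investigate(CASE_FILE, DATABASE)` lists both `libchecksum` and `libstats` as stage-1 candidates, because the two share the same loop shape once names are discarded, and only `libchecksum` survives the stage-2 comparison.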
With the help of tools like those mentioned here, software expert witnesses can now quickly ascertain whether source code copying has taken place. Prior to the appearance of these tools, it was necessary for an expert in software development to manually perform dozens of searching and comparison steps. Now, when software experts use tools such as these and are able to conduct the investigation early in litigation, legal teams can dramatically reduce the overall cost of such analysis.
Barr Group's team of electronics and software expert witnesses provide experienced and unbiased source code reviews, expert reports and testimony for product liability, patent infringement, software copyright, and trade secrets litigation involving computer-based technology and software.