FEBRUARY 2009

VOLUME 1, ISSUE 2

Software Scan

The President's Column

How much does IP theft hurt businesses? A lot, apparently. In this issue's Scanning IP section I discuss the recent report from McAfee entitled "Unsecured Economies: Protecting Vital Information."

While you're most likely familiar with SAFE's CodeMatch tool for comparing source code files, are you familiar with our BitMatch tool for comparing binary files? If not, read the Scanning Tools section to learn more.

In this troubled economy, the difference between two candidates for employment or for contract work can come down to their specific knowledge. Is your knowledge of software IP up to date? If not, take our MCLE accredited course in software IP. Looking to work as an expert on a software IP case? Take our CodeSuite certification course to come up to speed on all the functionality of CodeSuite and how to apply its results in litigation.

Send me your comments and critiques. I'm always interested in hearing from you.

Regards,

Bob Zeidman
President, SAFE Corporation


Scanning IP

Just How Bad is IP Theft?
Pretty bad, according to a research report just released by McAfee, Inc. According to the report:

Companies surveyed estimated that they lost an average of $4.6 million worth of intellectual property in 2008. Forty-two percent said laid-off employees were the single biggest threat to their intellectual property and other sensitive data they faced in the current economic climate.

The report also states four key findings:

  1. Increasing amounts of IP and sensitive customer data are being sent around the world and a percentage is being lost.
  2. The worsening economy is creating a "perfect information security risk storm" because laid-off employees stealing IP now constitute the largest risk.
  3. The countries of China, Pakistan, and Russia are particularly bad risks of IP loss.
  4. Cyberthieves have grown more sophisticated. Now rather than steal credit card numbers, why not steal the IP for creating the credit card processing programs?

To download the report, go to McAfee Unsecured Economy Report.

Advanced Tools to Detect Software Plagiarism and IP Theft

CodeSuite®
A sophisticated set of tools for analyzing software source code and object code including:

BitMatch®
Check binary object code for plagiarism.

CodeCross
Cross check source code for plagiarism.

CodeDiff®
Compare source code to find differences and measure changes.

CodeMatch®
The premier tool for pinpointing copying.

SourceDetective
Scour the Internet for plagiarized code.

CodeGrid
Turbocharge your analysis on a supercomputer grid.

Get Smart

SAFE offers training at our facility or yours. Contact us to make arrangements:

MCLE credit in software IP

CodeSuite certification

New CodeSuite Release

SAFE has just released CodeSuite version 3.3. In addition to CodeCross, the new tool for finding copied nonfunctional source code, it also allows filtering of databases using Internet hits found from SourceDetective. It also has easier navigating of detailed reports. Download it here for free.

Scanning Tools

Comparing binaries
CodeMatch is a great tool for comparing source code from two different programs to detect copying. But you typically don't have access to your competitor's source code for comparison. What do you do then? You can go to court to force your competitor to turn over their source code, but only after you've convinced the judge that there's a reasonable possibility of copyright infringement or trade secret theft. BitMatch allows you to compare your source code against your competitor's executable binary files. If there's no correlation, there may still be copying that has gone undetected. But if BitMatch finds something, you may be able to convince a judge, and yourself, that the case is worth pursuing.

How does BitMatch work? Very simply. For many years, academics have come up with complex, slow, inaccurate processes for reverse engineering binary code into source code. Finding correlation between this "decompiled" code and your original code is virtually impossible. BitMatch simply looks for strings in the binary. These strings may be error messages or instructions on using the program. If messages in your competitor's program match those in your program... well, you should be suspicious. BitMatch is also able to find the names of some variables and program routines hidden in the binary. Again, a match with your variables and program routines is cause for concern.
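The string-matching idea described above can be sketched in a few lines of Python. This is an added illustration, not SAFE's code or BitMatch's actual algorithm; the function names, the COMMON ignore list, and the sample source and binary bytes are all constructed for the example.

```python
import re

# Names found in almost any C binary; a match on these proves nothing (assumed list).
COMMON = {"printf", "malloc", "memcpy", "strlen"}
LITERAL = re.compile(r'"((?:[^"\\\n]|\\.)*)"')

def binary_strings(blob: bytes, min_len: int = 5) -> set:
    """Printable ASCII and UTF-16LE runs of at least min_len characters."""
    ascii_runs = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, blob)
    wide_runs = re.findall(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, blob)
    return ({r.decode("ascii") for r in ascii_runs}
            | {r.decode("utf-16-le") for r in wide_runs})

def source_elements(src: str, min_len: int = 5):
    """Return (string-literal fragments, identifiers) from C-like source text."""
    fragments = set()
    for body in LITERAL.findall(src):
        # Escapes such as \n become non-printable bytes in the binary and end
        # a run there, so compare the printable pieces between escapes.
        fragments |= {f for f in re.split(r"\\.", body) if len(f) >= min_len}
    code = LITERAL.sub('""', src)  # blank out literals before collecting names
    identifiers = {w for w in re.findall(r"[A-Za-z_]\w*", code) if len(w) >= min_len}
    return fragments, identifiers

def correlate(src: str, blob: bytes, min_len: int = 5) -> dict:
    """Source strings and names that also appear in the binary."""
    found = binary_strings(blob, min_len)
    fragments, identifiers = source_elements(src, min_len)
    return {
        "strings": sorted(f for f in fragments if any(f in s for s in found)),
        "identifiers": sorted((identifiers & found) - COMMON),
    }

# Constructed sample inputs: a source fragment and bytes standing in for a binary.
SAMPLE_SOURCE = r'''
static int parse_invoice_header(const char *path) {
    if (!path) { printf("Invoice file missing: cannot rebuild ledger\n"); return -1; }
    return ledger_checksum_v2(path);
}
'''
SAMPLE_BINARY = (b"\x7fELF\x02\x01\x01\x00\x8b\xfc"
                 b"Invoice file missing: cannot rebuild ledger\n\x00\x90\x90"
                 b"ledger_checksum_v2\x00printf\x00\x00"
                 + "Ledger v2 setup".encode("utf-16-le") + b"\x00\x00")

if __name__ == "__main__":
    print(correlate(SAMPLE_SOURCE, SAMPLE_BINARY))
```

In the sample, the error message and the exported routine name survive into the binary, while the static function name does not, which is why the absence of a match does not rule out copying.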

BitMatch is available with CodeSuite and can be downloaded for free from the SAFE Corporation website.

This newsletter is not legal advice. Views expressed herein should be checked for accuracy and current applicability.
Copyright 2009 Software Analysis & Forensic Engineering Corporation