
MARCH 2009

VOLUME 1, ISSUE 3

Software Scan

The President's Column

More confirmation that IP theft is hurting businesses. In last issue's Scanning IP section I discussed the recent report from McAfee entitled "Unsecured Economies: Protecting Vital Information." In this issue I discuss the report from the Ponemon Institute that echoes those numbers and gives some interesting (perhaps scary) statistics.

While you're most likely familiar with SAFE's CodeMatch tool for comparing source code files, are you familiar with our SourceDetective tool for searching the Internet? If not, read the Scanning Tools section to learn more.

SAFE just got its first patent and we're really proud! Read about it in the bottom right corner of this newsletter.

Send me your comments and critiques. I'm always interested in hearing from you.

Regards,

Bob Zeidman
President, SAFE Corporation


Scanning IP

Just How Bad is IP Theft (Part 2)?
Last month I talked about a report from McAfee, Inc. that discussed the huge amount of intellectual property that gets stolen from companies. A new report from the Ponemon Institute confirms this data. According to this report, more than half of workers who are let go by their employers take confidential data and intellectual property with them as they head out the door.

Here are some interesting statistics from the report (we all love statistics):

  • 945 individuals who were laid off, fired or quit their jobs in the past 12 months were surveyed.
  • 59% admitted to stealing company data.
  • 67% used their former company’s confidential information to help get a new job.
  • 61% of respondents who disliked their company took data.
  • 26% of those who liked their company still took data.
  • 79% of those who took data rationalized it rather than call it wrong.
  • 24% claimed to still have access to their former employer’s computers after they left.

For more information you can read the Network World article.

Advanced Tools to Detect Software Plagiarism and IP Theft

CodeSuite®
A sophisticated set of tools for analyzing software source code and object code including:

BitMatch®
Check binary object code for plagiarism.

CodeCross
Cross check source code for plagiarism.

CodeDiff®
Compare source code to find differences and measure changes.

CodeMatch®
The premier tool for pinpointing copying.

SourceDetective®
Scour the Internet for plagiarized code.

CodeGrid
Turbocharge your analysis on a supercomputer grid.

Get Smart

SAFE offers training at our facility or yours. Contact us to make arrangements:

MCLE credit in software IP

CodeSuite certification

CodeSuite Patent Issued

We're jumping the gun a bit, but SAFE Corporation will soon be issued its first patent (March 10 to be exact). U.S. Patent number US 7,503,035 is entitled "Software Tool For Detecting Plagiarism In Computer Source Code." There are several more patents in the pipeline, and SAFE is proud of its inventor-employees. Remember, you can download CodeSuite here for free.

Scanning Tools

Is it truly unique? Search the Internet!
When CodeMatch turns up identical and nearly identical variable and function names in two sets of source code, how do you know that this represents copying? Lots of programmers use the names count, index, and array, for example. Finding them in two sets of code doesn't mean the code was copied. How about MQADsPathToFormatName? That seems pretty unique, right? Actually it's a Windows API and you could expect to find it in the source code for many different programs that run on Windows. Search for it on Yahoo and it comes up 10 times. Not a lot of times, but enough to suggest you do some more digging and find out what it is. But if two programs contain a variable called ThisWasCopiedIllegally, the term doesn't show up at all on Yahoo. That would make you suspicious - a variable shows up in two programs, one accused of being copied from the other, and nowhere else on the entire Internet.

This is the beauty of SourceDetective. CodeMatch may find hundreds or thousands of identifier names that match in two different programs. SourceDetective, part of the CodeSuite set of tools, automatically searches for each one on the Internet and creates spreadsheets showing the number of hits. You can then focus on those identifiers with few hits, particularly those with 0 hits.
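The triage described above, as an added example that is not SAFE's code: it extracts the identifiers two constructed C fragments share and sorts them rarest-first by search hits. The hit table stands in for live Internet searches; only the 10 and 0 figures come from the text, and the function names are hypothetical.

```python
import re

# Constructed C fragments standing in for the two programs being compared.
PROGRAM_A = """
// helper routine
int ThisWasCopiedIllegally(int *array, int count) {
    int index, total = 0;
    for (index = 0; index < count; index++) total += array[index];
    MQADsPathToFormatName(path, name, &len);
    return total;
}
"""
PROGRAM_B = """
/* helper routine */
static int sum(int *array, int count) {
    int index, ThisWasCopiedIllegally = 0;
    for (index = 0; index < count; index++) ThisWasCopiedIllegally += array[index];
    MQADsPathToFormatName(p, fmt, &n);
    return ThisWasCopiedIllegally;
}
"""
# Search-hit table: 10 and 0 are the figures quoted in the text above;
# the counts for count/index/array are constructed to represent "very common".
HIT_COUNTS = {"MQADsPathToFormatName": 10, "ThisWasCopiedIllegally": 0,
              "count": 5_000_000, "index": 4_000_000, "array": 3_000_000}

C_KEYWORDS = {"int", "char", "void", "static", "for", "while", "if", "else", "return"}
NOISE = re.compile(r'/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\])*"', re.S)

def identifiers(source):
    """Identifier names in C source, ignoring comments, strings and keywords."""
    code = NOISE.sub(" ", source)
    return set(re.findall(r"\b[A-Za-z_]\w*\b", code)) - C_KEYWORDS

def rank_shared(src_a, src_b, hit_lookup):
    """Shared identifiers sorted rarest-first, plus names with no search result.

    hit_lookup(name) returns a hit count, or None if the name was never searched;
    None is kept apart so a missing lookup is not mistaken for zero hits.
    """
    shared = identifiers(src_a) & identifiers(src_b)
    counted = [(name, hit_lookup(name)) for name in shared]
    ranked = sorted((row for row in counted if row[1] is not None),
                    key=lambda row: (row[1], row[0]))
    unsearched = sorted(name for name, hits in counted if hits is None)
    return ranked, unsearched

if __name__ == "__main__":
    ranked, unsearched = rank_shared(PROGRAM_A, PROGRAM_B, HIT_COUNTS.get)
    for name, hits in ranked:
        print(f"{hits:>9}  {name}")
```

The words in the two comments ("helper", "routine") never reach the ranking because comments are stripped before identifiers are collected.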

SourceDetective is available with CodeSuite and can be downloaded for free from the SAFE Corporation website.

This newsletter is not legal advice. Views expressed herein should be checked for accuracy and current applicability.
Copyright 2009 Software Analysis & Forensic Engineering Corporation