
MAY 2009

VOLUME 1, ISSUE 5

Software Scan

The President's Column

Do you have a client that requires a secure, neutral location to examine code? We've got it, and you can have it! SAFE Corporation has been expanding, and our previous facility (my house) was getting crowded. We now have a new office in Cupertino, home of Apple and Hewlett-Packard in central Silicon Valley. Best of all, you can sublease space from us on a monthly basis to do your analysis and keep your software, or your client's software, and your analysis results in a secure, private vault. You'll have access 24/7 (we'll probably be there working too) in a closed-door private office. Here's the new address:

20863 Stevens Creek Lane
Suite 456
Cupertino, CA 95014

Stop by and I'll treat you to a cup of coffee at Peet's Coffee, just walking distance away.

In this issue's Scanning IP section I ask the question, "How much is your software worth?" I wish I had an answer for that, but I can at least give you some ideas about how much more it's worth than the last version you released. I discuss the "changing lines of code" (CLOC) method of measuring changes in software and how it can be used to help value the IP of various versions of computer programs.

In the Scanning Tools section I discuss how to use our CodeDiff program to measure CLOC. Should we include a CLOC calculator in a future release of CodeSuite? Is this something you can use? I'd like to hear from you.

Regards,


Bob Zeidman
President, SAFE Corporation


Scanning IP

How Much is Your Software Worth?
My consulting company Zeidman Consulting worked on a large tax case last year. For reasons involving the labyrinthine regulations of the IRS, it was important to understand how much of the IP of a software program had changed from the time it was first developed ten years ago, through subsequent revisions, until the current version. In the current version, IP remaining from the first version was taxed at one rate while IP added subsequently was taxed at a different rate (this is a simplification based on my limited understanding of tax law). There was a lot of money at stake.

Previous methods of measuring code involve counting lines of code, but that gives a very poor estimate. Consider an example where an entire function consisting of 10,000 lines of code is replaced with a more efficient function requiring only 9,000 lines of code. Simply counting lines would tell you that there was a net reduction of 1,000 lines of code, which could incorrectly be interpreted as a reduction in IP. We realized that we could use CodeDiff and FileCount to compare lines of code to find the number of lines of code that continue from one version to another, the number of lines of code that are changed, and the number of lines of code that are added. Plugging these values into a well-defined spreadsheet allows you to graph this measure of changing lines of code ("CLOC") over time. The actual valuation of the initial version of the software is a complex process better left to financial analysts, but the CLOC method provides a great way to measure the changes in value.

You can read more about CLOC in the article by Nik Baer and me in Intellectual Property Today entitled "Measuring Changes in Software IP," which includes a measurement of the Mozilla Firefox open source project.

Advanced Tools to Detect Software Plagiarism and IP Theft

CodeSuite®
A sophisticated set of tools for analyzing software source code and object code including:

BitMatch®
Check binary object code for plagiarism.

CodeCross
Cross check source code for plagiarism.

CodeDiff®
Compare source code to find differences and measure changes.

CodeMatch®
The premier tool for pinpointing copying.

SourceDetective®
Scour the Internet for plagiarized code.

CodeGrid®
Turbocharge your analysis on a supercomputer grid.

Get Smart

SAFE offers training at our facility or yours. Contact us to make arrangements:

MCLE credit in software IP

CodeSuite certification

LISP

CodeSuite now supports the LISP programming language. Have you heard of LISP? Probably not. It's a language with a small but passionate group of supporters. Considered one of the first programming languages specifically created for developing artificial intelligence (AI) programs, it was used mostly at universities and rarely in industry. I wrote LISP programs as a grad student at the Stanford Artificial Intelligence Lab (SAIL) in the early 80s and let me tell you, I'm glad it's gone (or almost gone). It's just difficult to use and not intuitive at all. But a customer needed to examine a LISP program so we created a definition file for LISP. You can download all of our language definition files at www.SAFE-corp.com/programs - download the zip file, unzip it, and follow the directions in the ReadMe.txt file. If you need to analyze a programming language we don't currently support, we can usually create a definition file in just a few hours.

Scanning Tools

Using CodeDiff and FileCount to Measure CLOC
In order to measure CLOC, FileCount is used to count the number of files and non-blank lines in each software version's directory tree. It's important to set up FileCount to only count the files and non-blank lines from the specific program source code file types.

CodeDiff is then used to compare files from the original version to a subsequent version of the software project. The CodeDiff comparison is limited to comparing files with the same name. Typically file names are not changed from version to version, and a movement of source code between files or a file name change represents work being performed. CodeDiff is set up to examine only the same specific program source code file types as FileCount.

Using CodeSuite, a distribution spreadsheet is then created automatically from the database created by CodeDiff. The distribution spreadsheet contains statistical information about the files and lines of code that were analyzed. The data from the CodeDiff distribution spreadsheet is combined with the FileCount data in a special CLOC spreadsheet to generate the software evolution results. Contact us to get a copy of the CLOC spreadsheet and to learn how to use it.
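
The tally described in the Scanning IP and Scanning Tools sections can be sketched as follows. This is an added example, not SAFE's CodeDiff or FileCount: Python's difflib stands in for the line comparison, and the file-type list, the rule that splits a replaced block into "changed" and "added" lines, and the two sample version trees are all assumptions made for illustration.

```python
import difflib
import tempfile
from pathlib import Path

SOURCE_EXTS = {".c", ".h"}  # assumption: the file types treated as program source

def source_lines(root):
    """File name -> non-blank lines, for source file types only (the counting step)."""
    root, found = Path(root), {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and p.suffix in SOURCE_EXTS:
            lines = p.read_text(errors="replace").splitlines()
            found[p.relative_to(root).as_posix()] = [s.strip() for s in lines if s.strip()]
    return found

def cloc(old_root, new_root):
    """Tally continuing, changed and added lines, comparing same-named files only."""
    old, new = source_lines(old_root), source_lines(new_root)
    t = {"old_lines": sum(map(len, old.values())),
         "new_lines": sum(map(len, new.values())),
         "continuing": 0, "changed": 0, "added": 0}
    for name, lines in new.items():
        if name not in old:  # new or renamed file: counted entirely as added work
            t["added"] += len(lines)
            continue
        sm = difflib.SequenceMatcher(None, old[name], lines, autojunk=False)
        for tag, i1, i2, j1, j2 in sm.get_opcodes():
            if tag == "equal":
                t["continuing"] += j2 - j1
            elif tag == "replace":  # assumption: overlap is "changed", surplus is "added"
                overlap = min(i2 - i1, j2 - j1)
                t["changed"] += overlap
                t["added"] += (j2 - j1) - overlap
            elif tag == "insert":
                t["added"] += j2 - j1
            # "delete" opcodes are lines dropped from the old version; nothing to add
    return t

def demo():
    """Measure two small constructed version trees (sample data, not a real project)."""
    with tempfile.TemporaryDirectory() as tmp:
        v1, v2 = Path(tmp, "v1"), Path(tmp, "v2")
        v1.mkdir()
        v2.mkdir()
        (v1 / "main.c").write_text("int a;\n\nint b;\nint c;\n")
        (v2 / "main.c").write_text("int a;\nlong b;\nint c;\nint d;\n")
        (v2 / "util.c").write_text("void f(void);\n")
        (v2 / "README.txt").write_text("not source\n")
        return cloc(v1, v2)
```

Calling demo() returns the tallies for the sample trees; continuing, changed and added always sum to the new version's non-blank line count, which is a useful sanity check before the numbers go into a spreadsheet.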

This newsletter is not legal advice. Views expressed herein should be checked for accuracy and current applicability.
Copyright 2009 Software Analysis & Forensic Engineering Corporation