lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: fulldisc at sun.consumer.org.il (Shachar Shemesh)
Subject: Cisco's stolen code

Ng, Kenneth (US) wrote:

>Brian: I will give you another good reason to not go near the stolen code.
>If you EVER want to work on any project that is even remotely related to
>routers, or routing or anything else that Cisco equipment can do, you can
>not have touched any of the stolen code, or your code will be suspect.
>(Your accounting package has queues?  Cisco IOS has queues (I assume), you
>must have copied it.)  Even if your writing the code entirely from scratch,
>because you have seen the stolen code, you may be suspect.
>
Actually, I took that question up with a lawyer once, and I think you 
are quite wrong.

There are two Intellectual Property protection Cisco (and MS's Windows) 
code enjoy. The first is copyright, and the second is trade secret. 
There may also be patents involved, but that's besides the point, as 
patents get protected whether you have seen the code or not.

The copyright protection stands, no matter what. Unless the copyright 
holder releases the code, you are not allowed to copy it or use it. That 
much is true. However, once something is made public, it can no longer 
enjoy trade secret protection, and it doesn't matter who made it public 
or how. The original person who made the unauthorized (and illegal) 
disclosure of the information is theoretically liable for any business 
loss resulting from it, but other people are pretty much scott free in 
that respect.

This means that if you can prove that you are not copying actual code 
from the stolen code, you are free to continue working on anything at 
all. This even includes implementing Cisco proprietary protocols 
understood from the stolen code - it can no longer be considered a 
secret if so many people know it.

Please remeber the following:
1. I am not a lawyer. Even if I were - you are not hiring me. This is 
not legal advice. Use this as an idea to bounce off your own lawyer and 
see what (s)he says.
2. It is not clear whether the disclosure Cisco's code has already been 
through is enough to warrant the trade secret protection on it null. 
That is for a court to decide.
3. If implementing Cisco proprietary protocols is the aim, I would 
recommend to people to use clean room for that. Clean room makes proving 
no copyright violation took place.

          Shachar

-- 
Shachar Shemesh
Lingnu Open Source Consulting
http://www.lingnu.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ