Subject: Re: M$ code audit? ;-)
From: Crispin Cowan (crispinwirex.com)
Date: Mon Oct 30 2000 - 21:47:09 CST


Kragen Sitaker wrote:

> So, if you were to produce something substantially similar (which is
> narrower than it sounds) to some piece of Microsoft's code, proof that
> you had access to that piece of code would be sufficient to "prove"
> that you copied it. Inversely, proving that you did not have access
> to it would be sufficient to prove that you had not copied it.

So if we take the above as given, does that mean that if I want to protect a
given piece of my code against reverse engineering, I should publish the
source code as widely as possible, but taint it with a highly restrictive
license (like Qt did :-)? Thus, when someone tries to reverse engineer my
product, I just point out that the source is widely available, and therefore
it is improbable that the defendant can show that they had not read my code.

There are those in the Slashdot thread who speculate that this is precisely
what M$ has set about doing. Justification: M$'s usual response to a
vulnerability or incident is to stonewall, but in this case they have been
very forthright. They may well be trying to taint the universe with a
suspicion of having had access to their code.

Does this work? Or does the act of publishing the code somehow invalidate the
argument that the alleged copyright infringer/reverse-engineer had access to
my code?

Crispin

--
Crispin Cowan, Ph.D.
Chief Research Scientist, WireX Communications, Inc. http://wirex.com
Free Hardened Linux Distribution:                    http://immunix.org