Theft of corporate code by independent developers is likely widespread
Patrick Wardle has a problem: his code keeps cropping up in commercial software projects without his permission.
Wardle is a Mac security expert who previously worked at the NSA and NASA. He is also the founder of the Objective-See Foundation, an organization specializing in open source macOS security tools. Unfortunately, according to The Verge, Wardle’s code has made its way into at least three commercial software projects without any credit or compensation being given to him.
As Wardle points out, few small developers have the resources, capacity, or expertise to determine if their code has been stolen. Wardle’s unique skills, however, put him in a position to do just that.
“I could only understand [the code theft] because I write both tools and reverse-engineer software, which is not very common,” Wardle told The Verge. “Because I straddle those two disciplines, I might find that it happens to my tools, but other independent developers might not be able to do that, which is the problem.”
Wardle plans to share his findings at the Black Hat Cybersecurity Conference on Thursday, where he will discuss them with Johns Hopkins University cybersecurity researcher Tom McGuire.
Interestingly, Wardle doesn’t plan to publicly call out the companies that used his code, as he believes the theft was likely the work of a single developer within each company rather than a company-wide decision. Additionally, the three companies he approached have been very forthcoming, acknowledging the theft and taking steps to rectify the situation, including paying for the code or donating to his foundation.
The biggest concern, however, is the state of indie software development in general. While Wardle may have the skills to determine when his code is stolen, the vast majority of smaller developers do not, opening the door to widespread abuse.