Software Analysis and Forensic Engineering » trade secret

Podcasts on software intellectual property and software development

Bob Zeidman — Sun, 02 Oct 2011 19:39:52 +0000

Here are my new podcasts about software intellectual property and software development relating to IP issues. I believe you’ll find them useful.

The Software IP Detective’s Handbook

Bob Zeidman — Mon, 02 May 2011 14:23:04 +0000

My book on software intellectual property, a labor of love (and hate) for the last two years, has just been published by Prentice-Hall. The book is intended for several different audiences including computer scientists, computer programmers, business managers, lawyers, engineering consultants, expert witnesses, and high-tech entrepreneurs. Some chapters give easy-to-understand explanations of intellectual property concepts including copyrights, patents, and trade secrets. Other chapters are highly mathematical treatments describing quantitative ways of comparing and measuring software and software IP. The first chapter of the book outlines which chapters are most important for the different audiences.

Overall the book covers the following topics:

Key concepts of software intellectual property
Comparing and correlating source code for signs of theft or infringement
Uncovering signs of copying in object code when source code is inaccessible
Tracking malware and third-party code in applications
Using software clean rooms to avoid IP infringement
Understanding IP issues associated with patents, open source, and DMCA

You can purchase your copy from Amazon.com here.

IP theft is becoming the new target for cyberthieves

Bob Zeidman — Tue, 05 Apr 2011 00:53:20 +0000

Antivirus company McAfee and R&D company SAIC recently published a report entitled Underground Economies, a study of corporate IP theft. According to the study, many cyberthieves now see stealing IP as more profitable than credit card theft and identity theft. According to the study:

In the past, cybercriminals targeted personal information such as credit cards and social security numbers, which were then sold on the black market. Now, these criminals understand that there is much greater value in selling a company’s proprietary information to competitors and foreign governments. For example, a company’s legal documents can fetch far more money than a list of customer credit cards.

The cyber underground economy has shifted its focus to the theft of corporate intellectual capital–the new currency of cybercrime. Intellectual capital encompasses all the value that a company derives from its intellectual property including trade secrets, marketing plans, research and development findings and even source code. For example, Operation Aurora, a targeted attack on Google and at least 30 other companies, represented a sophisticated attack designed to steal intellectual capital.

Some of the more interesting findings are:

Theft of corporate intellectual property is “the new currency of cybercrime.”
Some governments support or even conduct theft of trade secrets. Forrester Research estimates that corporate IP is twice as valuable as custodial data such as credit card information and customer and medical data.
Cloud-based services are not only a new target for cyber criminals, but also but extensive but inexpensive resources into their hands
for carrying out cybercrimes.
Data breaches, or the credible threat of a data breach, stopped or slowed a merger, acquisition, or new product rollout at one
fourth of organizations surveyed.
Yet only a quarter of organizations conduct forensic analysis after a breach or attempted breach.
Organizations reported that IP was most often leaked or stolen by their own employees.

Read the entire study here.

As an ironic side note, the day that this report was released, security researchers announced that McAfee’s own website has serious vulnerabilities. Read that article here.

ADFSL 2011 Conference on Digital Forensics, Security and Law

Bob Zeidman — Wed, 02 Feb 2011 21:13:07 +0000

Last year my consulting company presented a paper entitled Measuring Whitespace Patterns As An Indication of Plagiarism that examined and tested the concept that patterns of whitespace in two source code files can be used to determine whether one program was copied from the other. The conference was an enjoyable three days in St. Paul, Minnesota. We even got a tour of the Forensic Science Laboratory of the Bureau of Criminal Apprehension where we learned the real forensic science used to catch criminals (the CSI TV shows are a “little bit” exaggerated, but the reality is just as interesting).

This year the conference will be at Longwood University in Richmond, Virginia from May 25 through 27. I’m serving on the conference committee. We’re looking for paper, presentation, and panel submissions in the following areas:

Curriculum

1. Digital Forensics Curriculum
2. Cyber Law Curriculum
3. Information Assurance Curriculum
4. Accounting Digital Forensics Curriculum

Teaching Methods

5. Digital Forensics Teaching Methods
6. Cyber Law Teaching Methods
7. Information Assurance Teaching Methods
8. Accounting Digital Forensics Teaching Methods

Cases

9. Digital Forensics Case Studies
10. Cyber Law Case Studies
11. Information Assurance Case Studies
12. Accounting Digital Forensics Case Studies

Information Technology

13. Digital Forensics And Information Technology
14. Cyber Law And Information Technology
15. Information Assurance And Information Technology
16. Accounting Digital Forensics Information Technology

Networks And The Internet

17. Digital Forensics And The Internet
18. Cyber Law And The Internet
19. Information Assurance And Internet
20. Digital Forensics Accounting And The Internet

Anti-Forensics And Counter Anti-Forensics

21. Steganography
22. Stylometrics And Author Attribution
23. Anonymity And Proxies
24. Encryption And Decryption

International Issues

25. International Issues In Digital Forensics
26. International Issues In Cyber Law
27. International Issues In Information Assurance
28. International Issues In Accounting Digital Forensics

Theory

29. Theory Development In Digital Forensics
30. Theory Development In Information Assurance
31. Methodologies For Digital Forensic Research
32. Analysis Techniques For Digital Forensic And Information Assurance Research

Digital Rights Management (DRM)

33. DRM Issues In Digital Forensics
34. DRM Issues In Information Technology
35. DRM Issues In Information Assurance
36. DRM Issues In Cyber Law

Privacy Issues

37. Privacy Issues In Digital Forensics
38. Privacy Issues In Information Assurance
39. Privacy Issues In Cyber Law
40. Privacy Issues In Digital Rights Management

Software Forensics

41. Software Piracy Investigation
42. Software Quality Forensics

Other Topics

43. Cyber Culture And Cyber Terrorism

The deadline for submissions is February 19. The website for the conference is at http://www.digitalforensics-conference.org where you’ll find more information about the conference, the venue, and submission guidelines.

Zynga and CrowdStar, copying or coincidence?

Bob Zeidman — Mon, 03 Jan 2011 03:33:40 +0000

Software Analysis & Forensic Engineering Corporation today released a case study of Online IP Screening between Zynga’s FarmVille game and CrowdStar’s Happy Aquarium game. The study shows some interesting correlation between the source code for the two games. SAFE Corporation is officially announcing its SAFE Online IP Screening service that is targeted at social games and other online applications. The screening service is a subscription service to regularly examine online applications for signs of copying. In this first case study, we already found surprising results. Even after the normal process of eliminating correlation due to third party code, commonly used identifier names, automatically generated code, common algorithms, and common authors, correlation remained. Was this intentional? Illegal? Acceptable? Coincidence? Decide for yourself: see summaries of this and other case studies here and register to download the full case studies here.

One unique feature of online applications is that often the full source code is downloaded to the user’s machine. This makes it easier for your competitors to copy your code. It also makes it easier for us to detect that copying. Learn more about SAFE Online IP Screening here or email us for details about how we can protect you from unauthorized copying and dissemination of your code.

SAFE introduces CodeSuite-LT

Bob Zeidman — Mon, 03 Jan 2011 03:27:12 +0000

CodeSuite-LT® is a less expensive, limited version of the full CodeSuite tool. Each tool in the suite produces a readable report that can be used to find copying. CodeSuite-LT includes BitMatch, CodeCross, CodeDiff, CodeMatch, FileCount, and FileIsolate. It also includes the ability to filter results using SourceDetective. CodeSuite-LT does not produce a database and does not allow post-process filtering of results. Instead, it generates an easy-to-read report that can be used to pinpoint copying.

Which is Right For You?

Which product is right for you, CodeSuite or CodeSuite-LT? Click here for a table that compares the features of both programs so you can choose the right solution.

Multiprocessing CodeSuite-MP

Bob Zeidman — Wed, 01 Sep 2010 23:54:05 +0000

Until now there were two ways of running really big jobs of CodeSuite. One was to simply run it and wait for as long as it took. Really large jobs can take as much as a week or two. The other option was to run the job on CodeGrid, our framework that distributes the job over a grid of networked computers. CodeGrid shows an almost linear speedup for each computer on the grid, but it requires someone to maintain the computers and the network and that can be a daunting job. Now there’s a third option;, CodeSuite-MP allows you to run multiple jobs on a single multicore computer. We’re seeing a near-linear speedup for the number of cores, and there’s no special maintenance required. We’re even seeing a near-linear speedup using virtual cores. If you want to get a license for CodeSuite-MP, contact our sales department.

The Report Generator (RPG)

Bob Zeidman — Thu, 01 Jul 2010 06:10:58 +0000

The Report Generator (“RPG”) is a new program from SAFE that automatically generates draft expert reports and declarations for litigation. Reports have several generic sections such as an expert’s experience and descriptions of the technologies involved in the examination, which can be shared amongst reports. By automating the compilation of the generic information into a formatted and structured draft report, the expert can focus on performing the analysis and writing the case-specific arguments.

When using the RPG, an expert selects the type of case, type of report, types of technologies involved, types of tools used, and expert background profiles from a GUI. Then a Microsoft Word draft report is generated that includes all of the selected generic information intermixed with blank sections where case-specific information should be filled in manually.

Currently, many experts either dig through their prior works to find specific descriptions or write them from scratch each time. Maintaining a library of generic report elements is a challenge, especially when multiple experts are involved. RPG acts as a version control system between multiple experts who can upload and download detailed descriptions of experts, technologies, and tools from a central server. The reports are generated according to specific formats, so an entire team of experts can easily produce reports that are consistently formatted with the most up-to-date descriptions.

RPG also keeps synced descriptions of CodeSuite, so it can include the most up-to-date descriptions and pricing of the tools without having to search the S.A.F.E. website or CodeSuite help files.

If you’re interested in trying out RPG, contact our Sales Department.

The value of corporate secrets

Bob Zeidman — Sun, 02 May 2010 15:32:35 +0000

Forrester Consulting just put out a report that I found interesting. According to Forrester, chief information security officers (CISOs) face increasing demands from their business units, regulators, and business partners to safeguard their information assets. Security programs protect two types of data: secrets that confer long-term competitive advantage and custodial data assets that they are compelled to protect. Secrets include product plans, earnings forecasts, and trade secrets; custodial data includes customer, medical, and payment card information that becomes “toxic” when spilled or stolen. Forrester found that enterprises are overly focused on compliance and not focused enough on protecting their secrets. Forrester’s key findings are the following:

Secrets comprise two-thirds of the value of firms’ information portfolios.
Compliance, not security, drives security budgets.
Firms focus on preventing accidents, but theft is where the money is.
The more valuable a firm’s information, the more incidents it will have.
CISOs do not know how effective their security controls actually are.

Download the report to report to get the details.

Interesting software IP cases of 2009

Bob Zeidman — Fri, 01 Jan 2010 20:52:02 +0000

Here is my list of the most interesting software IP cases of 2009,
in chronological order: