SOFTWARE EXPERT OPINION. ILLEGAL USE OF SOURCE CODE

Software expertise

A software expert report was commissioned to determine whether a former employee had used source code to produce a similar product for another company. The report was commissioned by the public prosecutor's office.

 

Documentary basis:

  • Study of the documentation submitted, including the police report.
  • Analysis of the defendant's hard disk.
  • Comparison of the source code with the versions held by the company and with other ongoing developments.
  • Search for other evidence on the hard disk, such as compiled code, documents forwarded to third parties related to the subject matter, inspection of sent/received e-mails, etc.

 

Parts of the expert's report

The software controlled two machine tools. It interacted heavily with hardware and involved low-level programming. The task was complex, with developments of more than 80,000 lines of code. It was written in Microsoft Visual Basic.

The following tasks were carried out to determine whether the software had been plagiarized:

Cloning of two virtual machines with both versions

Both versions were cloned onto two virtual machines that emulated the behavior of the controlled machine tools (test environment). The virtual machines ran the same software as the machine tools, so their behavior could be emulated on a PC.

Study of the devices controlled by the software

The two controlled machines were also compared. Similarities were found between them, as they have similar functionality, so we studied those similarities to establish to what extent they forced a similarity in the software.

Statistical comparison

At the statistical level, the lines of code that made up both versions and their structure were assessed. The objective was to identify common patterns and whether there had been a change in programming style and guidelines.

Search for common names

The names of the functions, procedures and definitions were compared in search of matches. All matching names were compared side by side.

Comparison of software structuring

The software was structured in three layers: Graphics / Logic / Hardware interaction. It partially followed the MVC paradigm. The structure of both codes was compared to determine plagiarized parts.

Comparison of the graphic interface

Similarities in the graphical interface were documented. In some respects, the parameters collected by the graphical interface could not differ. The way it was implemented was studied. It was a model of views common to both projects.

Study of the documentation

All the documentation in the court file was studied: police report, lawsuit and response, to find the basis and key points of the proceedings.

Opinion on the functionalities or common parts of the software

An opinion was given on every match and on the reason for it. A match does not necessarily indicate plagiarism. Two functions can be the same because:

  • They are part of an imported external library.
  • They implement the same algorithm of common knowledge and use.
  • They are routine or even automatically generated implementations (getters / setters, interfaces, etc.).
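
The name search and the triage of matches described above can be sketched as follows. This is an added example, not the tooling used for the report: the two Visual Basic fragments, the procedure names and the library list are constructed for illustration, and the list of event suffixes is an assumption.

```python
import re

# Visual Basic procedure declarations: Sub, Function, Property Get/Let/Set.
DECL = re.compile(
    r"^\s*(?:(?:Public|Private|Friend|Static)\s+)*"
    r"(Sub|Function|Property(?:\s+(?:Get|Let|Set))?)\s+(\w+)",
    re.IGNORECASE | re.MULTILINE)
# IDE-generated event handlers are named Control_Event (assumed suffix list).
EVENT = re.compile(r"^\w+_(Load|Unload|Click|Change|Timer|Resize)$", re.IGNORECASE)

def declared_names(source):
    """Map each declared procedure name (lowercased, VB is case-insensitive) to its kind."""
    return {m.group(2).lower(): " ".join(m.group(1).split()).title()
            for m in DECL.finditer(source)}

def classify(name, kind, libs):
    """Give an innocent explanation for a shared name, or flag it for manual review."""
    if name in libs:
        return "external library"
    if kind.startswith("Property"):
        return "routine accessor"
    if EVENT.match(name):
        return "generated event handler"
    return "needs side-by-side review"

def common_names(src_a, src_b, library_names=()):
    """Names declared in both code bases, each with a triage label."""
    libs = {n.lower() for n in library_names}
    a, b = declared_names(src_a), declared_names(src_b)
    return {n: classify(n, a[n], libs) for n in sorted(a.keys() & b.keys())}

# Constructed sample input (hypothetical names, bodies omitted).
COMPANY_SRC = """
Private Sub Form_Load()
Public Property Get SpindleSpeed() As Long
Public Function CalcToolOffset(ByVal axis As Integer) As Double
Public Function CRC16(ByRef buf() As Byte) As Long
Private Sub HomeAllAxes()
"""
SUSPECT_SRC = """
Private Sub Form_Load()
Public Property Get SpindleSpeed() As Long
Public Function calcToolOffset(ByVal ax As Integer) As Double
Public Function CRC16(ByRef data() As Byte) As Long
Private Sub StartCycle()
"""

if __name__ == "__main__":
    for name, label in common_names(COMPANY_SRC, SUSPECT_SRC, {"CRC16"}).items():
        print(f"{name:16} {label}")
```

A name labelled as routine or library code still needs its body checked, since only the declaration is compared here.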

 

Results obtained:

The report clarified:

  • Which parts of the code were reused.
  • The possible illegitimate profit from the reuse of code.
  • The existence of bad faith.
  • Whether the re-use of methodologies alleged by the company was punishable, or could fall within what is customary.