Source Code Repositories: Reviewing the Right Version of a Program

    Josh Siegel

    Read Source Code Repositories Part Two as a PDF

    When examining software for evidence of copying in a misappropriation case, an expert attempts to examine the allegedly infringing program as it existed on or about the date of alleged copying.

    Programs evolve constantly due to regulatory changes, new operating system requirements, customer feedback, bug fixes, and many other external demands. Such updates may result in substantial alteration to a program over time, and the code that comprises a program on the date of alleged copying may differ significantly from the program’s code at the time of litigation. The code of the program at the time of litigation may contain little or no indication of copying, while previous versions of that same program may show significant evidence of copying. In some cases, a group or individual who has copied code may attempt to delete and rewrite some of the copied code over time in order to hide the fact that the program began as a copy of an existing work.

    Using the change management features of a source code repository, an independent expert can “roll back” all of the updates made to a program to a specific date.

    Using the change management features of a source code repository, an independent expert can “roll back” all of the updates made to a program to a specific date. This technique allows the expert to review and compare two programs as close to the date of alleged copying as possible, when the programs would likely be the most similar. If a plaintiff alleges that copying occurred on more than one date, an expert can use the version management feature of a code repository to analyze and compare code as close in time possible to each of the dates in question.

    Once an expert has access to the accused program’s code as it existed on the date of alleged copying, he or she can form opinions about whether copying occurred. Programmer comments on updates, comparisons between software programs, or simply an unusually large addition of source code all are important clues that help a trained eye recognize software misappropriation.

    Read the first installment: Source Code Repositories: What is a Source Code Repository?
    Read the third installment: Source Code Repositories: Authenticating Production of Source Code

    Other Insights from Josh Siegel

    Post The AFC test used by a software failure expert
    This second installment in DisputeSoft's Applying the AFC Test series considers the ability of the AFC Test to reveal hidden similarities in the structure, sequence, and organization of two programs.
    DisputeSoft was engaged by Ontario Systems in this software project failure dispute involving the licensing and implementation of accounts receivable management software.
    Post software experts on security
    Read Josh Siegel’s article on several measures a company can take to assess the state of its data security practices to help prevent data breaches and security instances.

    Josh Siegel

    Director & Forensic Examiner

    Josh Siegel has substantial experience analyzing copyright, patent, and trade secret claims related software and information technology. Josh performs functional testing, analyzes defect systems and metadata, examines source code in intellectual property disputes, acquires and analyzes data in digital forensics, and finally integrates that data into written reports and testimony.