Code Reuse vs Code Theft

During the analysis of a codebase from a recent client, I noticed something quite odd…

The bulk of the codebase was of very low quality. Tabbing conventions for denoting loops/if-then statements were not followed, variables were not named consistently, data was passed via globals, and whole functions were copied and pasted throughout the code. None of these things in themselves were terrible problems, but combined they caused some difficulties in cleaning the code.

Then, as I delved deeper into the codebase, I found something interesting. There was a portion of the code dedicated to building forums and it was fundamentally different than the rest. The SQL statements were clean, the variables had consistent naming conventions, and a variety of other things made it clear that this code was not written by the same person. I took a block of code and threw it into Google.

Sure enough, I found a bulletin board system written by a gentleman in the UK which was identical to the existing forum codebase. After some further digging, I found that the license allowed redistribution as long as proper credit was given via inclusion of the complete copyright statements. None were included in the code I was examining, but I wasn't surprised.

This isn't the first time I've seen this. At a former employer, there was a “Senior” Developer who admittedly stole code from Open Source projects and used them within the proprietary codebase. I confronted him numerous times over this and he simply said “In [his country of origin], we don't care about copyrights.” This was further evidenced by the fact that he suggested – to the development team initially – distributing the MS Project ISO from the company webpage. He saw nothing wrong with this and once again suggested this in front of the client. [Saner opinions prevailed and this had not occurred by the time I parted ways with the organizations. – KC]

In addition, I've noticed this more and more as Outsourced Projects are discussed. If you want to send your code overseas for development, that's your choice. But once you get it back you MUST do due diligence to ensure that the code is truly yours to use, distribute, and sell under your terms. It is simply too risky otherwise.

You could be inadvertently opening yourself and your organization up to serious litigation risk by using code from other sources without attribution.