[ISN] Source code stolen from U.S. software company in India
InfoSec News
isn at c4i.org
Mon Aug 9 08:45:16 EDT 2004
Forwarded from: Chris Wysopal <weld at atstake.com>
http://www.computerworld.com/securitytopics/security/cybercrime/story/0,10801,95045,00.html
"The company said that according to a report obtained from its branch
in India, a recently hired software engineer used her Yahoo e-mail
account, which now allows 100MB of free storage space, to upload and
ship the copied files out of the research facility. The company
detected the theft and is trying to prevent the employee from further
distributing the source code and other confidential information."
What this means is large free web email storage facilities make
intellectual property theft easier. Just zip and send an attachement
to yourself.
But this is the real kicker:
"Though the Indian branch of Jolly Technologies requires employees to
sign a similar employment agreement, the sluggish Indian legal system
and the absence of intellectual property laws make it nearly
impossible to enforce such agreements, the company said.
...
The company said it has decided to delay further recruitment and halt
development activities in India until better legal safeguards are in
place."
Is this true? Can Indian employees steal source code with no legal
repercussions? Wow, think of all the code that is outsourced to India
these days with no legal protections. And it is all a Yahoo file
attachment away.
-Chris
More information about the ISN
mailing list