Source code ch.03: Open source

Source Code & Software Patents: A Guide to Software & Internet Patent Litigation for Attorneys & Experts
by Andrew Schulman (http://www.SoftwareLitigationConsulting.com)
Detailed outline for forthcoming book

Chapter 3: Open source, other publicly-available source code or decompiled code, and software patent litigation

3.1 Open source and accused commercial products/services

  • Commercial products are increasingly based, in part, on open source
  • Definition of “open source”, GPLv3, etc.; distinguish other non-open forms of publicly-available source code
  • Open source “comingled” with proprietary code (see Josh Lerner & Mark Schankerman, The Comingled Code: Open Source & Economic Development) [see also “comingling” of third-party proprietary code with producing party’s source code in chapter 9 on discovery]
  • Typically open source in products has vendor modifications, additions, and deletions
  • Vendor changes to open source may be explicit (#ifdef, etc.), but sometimes showing changes requires “diff”
  • How to link/tie accused products/services to particular open source projects/versions
  • Accused products which may also violate GPL?

3.2 Using open source in software patent litigation

  • Using open source in pre-filing investigation, to produce detailed preliminary infringement contentions (see chapters 6 & 7)
  • D’s arguments based on P’s failure to employ open source in pre-filing investigation
  • Using documentation for open source projects, as part of analysis of commercial products
  • Online open-source browsers (e.g. AndroidXref.com)
  • Searching in open-source repositories (e.g. SourceForge.net, GitHub.com) for keywords found in product or in proprietary source code
  • Ability to search for keywords across multiple open-source projects
  • Acquiring open-source binaries (see repositories, e.g.  Artifactory at JFog.com) [examples why useful]
  • Why source code discovery is still necessary, even when the product uses publicly-available open source
  • Product owner’s (rare) stipulations that publicly-available open source accurately reflects accused product
  • Using open source to produce detailed discovery requests (see chapter 9)
  • Blanket/umbrella protective orders (POs) covering open source (see chapter 11 on POs): can a vendor’s copy of open source constitute protected confidential information or part of a trade secret compilation?; vendors making “secret” use of open source;  vendor use of open source is either visible from product, or should be acknowledged publicly?
  • Difficulty comparing proprietary version with public version of open source, under typical PO restrictions (can’t readily copy open source to protected source-code machine, for “diff”/comparison: see chapters 11 & 15 on source-code examination PO restrictions)
  • Identifying specific open-source projects/versions within proprietary source-code production, when not known beforehand
  • Need to extract and print even unmodified open-source files contained in opponent’s proprietary source-code production, in absence of stipulations (see chapter 24 on printing)
  • Open source as evidence of PHOSITA knowledge and skill level at a relevant time

3.3 Other litigation issues relating to open source

  • Use of open-source project names as patent claim limitations
  • Assertions that open source infringes patents (e.g. Microsoft 2007 accusations)
  • IP auditing of open-source submissions; enterprise auditing
  • Open source audits (Palamida, Black Duck, etc.) generally do not cover patent infringement, because it is more difficult to automate patent-infringement search than e.g. copyright-infringement search
  • Difficulties of auditing for patent infringement, vs. concept that “with enough eyeballs, [insert problem] is shallow”?
  • Liability, indemnification issues for vendors incorporating open source
  • Open source as “defensive publication”
  • Non-patent litigation involving open source (e.g. SCO v. IBM copyright case with patent counterclaim: insufficiently-detailed accusations?; drafting Linux code in 2003 while referring to Dynix code on computer?; missing Dynix source code; discovery disputes re: AIX source code)
  • Open source litigation to counter GPL violations (e.g. BusyBox; see gpl-violations.org)
  • “Tivoization”

3.4 Using other publicly-available (but not “open”) source code in patent litigation

  • Source code available as part of the product itself (e.g., obfuscated JavaScript, embedded SQL)
  • Improving readability of minimized JavaScript often used in internet products/services: jsbeautifier.org
  • Vendor sample code, software development kits (SDKs), etc.: see chapter 6
  • Source-code disclosures in patents and published patent applications (though such disclosure is usually not necessary for software patents; see  Aristocrat  line of cases in chapter 4 on invalidity)

3.5 Using “quasi-source” (decompiled code) in patent litigation

  • “Quasi-source”: some products can be decompiled into a close-enough representation of the source code
  • Difference between decompilation vs. disassembly
  • Why decompilation has become feasible for bytecode languages: Java, Flash ActionScript, or Microsoft .NET (Silverlight)
  • Java decompilers, e.g. JD-GUI, JAD, JEB (Android); Java obfuscation
  • Flash ActionScript decompilers, e.g. Flare, Sothink, Buraks ASV, Eltima Trillix
  • .NET (Silverlight) decompilers, e.g. Red Gate Reflector, Telerik JustDecompile, ILSpy, Dis#
  • What is typically available or absent in decompiled bytecode?
  • Current status of decompilation for e.g. C/C++ (e.g., Boomerang); Objective-C for Apple OSX, iOS (Hopper); Android Dalvik (JEB Decompiler)
  • Generating header files with class definitions from Apple OSX/iOS binaries, using class-dump

Software patent cases re: open source

  • Bedrock v. Softlayer (route.c; charts duplicated for each of 50 changed version over lifetime; use of representative examples)
  • Apple v. Samsung (ongoing changes to open source not produced in discovery, when vendor stipulates not materially different from already-produced versions?)
  • Implicit Networks v. HP (vendor modifications to open source; Tomcat; WSS; need to examine open source as part of reasonable investigation?)