Feeds

Lawsuit says Oracle pilfered source code from competitor

Tables turned on Ellison

Remote control for virtualized desktops

Oracle – which recently won $1.3 billion in court damages for the theft of its trade secrets by an SAP subsidiary – faces a $100 million lawsuit alleging it engaged in similar behavior.

The complaint (PDF), filed in late December by Texas software company 2FA Technology, claims Oracle executives turned a blind eye when security company Passlogix stole source code for strong authentication and credential management software. Oracle went on to acquire Passlogix in November for $42 million and continues to sell rebranded Passlogix software containing the misappropriated code, the lawsuit alleges.

“Oracle's actions were done with the deliberate intent to injure 2FA's business, impede 2FA's recovery of its stolen property, and improve its own commercial advantage,” the complaint states. “By reason of the foregoing, 2FA has been damaged as a result of Oracle's illegal actions in amounts that will be determined at trial, but believed to be more than $10,000,000, plus interest.”

Including punitive damages, 2FA is seeking more than $100 million.

According to the 31-page complaint, Passlogix stole thousands of pages of trade secrets and hundreds of thousands of lines of source code after licensing 2FA's technology for credential management systems. Passlogix eventually used the code in its v-GO UAM product line, “in direct violation of the license agreement's non-compete and exclusive source provisions.” Oracle in turn folded it into its Oracle Enterprise Single Sign-on offerings.

According to 2FA, the license agreement expressly barred Passlogix from marketing its own credential management system. 2FA made the technology available to Passlogix under tightly restricted conditions, including provisions that allowed only programmers to see the code and secured servers that logged each person who accessed it. Despite the prohibitions, Passlogix Product Manager Gregory Simeone in July 2006 sent an email to many employees who had no required to access the source code. The material contained almost 100,000 pages worth of intellectual property and “hundreds of thousands of lines of source code.”

In April 2007, Passlogix presented its own credential management solution to a third-party prospect. In March of last year, the company released v-GO UAM and granted more than 10 million free licenses to a related product. In October, when Oracle announced its intention to acquire Passlogix, it cited customers' need to “provide stronger authentication mechanisms while reducing the number of passwords required." On the day of the announcement, Oracle's market capitalization spiked by more than $1 billion.

2FA's allegations in many ways resemble a case Oracle brought against SAP subsidiary TomorrowNow three years ago. In November, around the same time it was acquiring Passlogix, Oracle won a $1.3 billion jury verdict in the case and since pursued interest on that amount. ®

Internet Security Threat Report 2014

More from The Register

next story
Download alert: Nearly ALL top 100 Android, iOS paid apps hacked
Attack of the Clones? Yeah, but much, much scarier – report
NSA SOURCE CODE LEAK: Information slurp tools to appear online
Now you can run your own intelligence agency
Microsoft: Your Linux Docker containers are now OURS to command
New tool lets admins wrangle Linux apps from Windows
Microsoft adds video offering to Office 365. Oh NOES, you'll need Adobe Flash
Lovely presentations... but not on your Flash-hating mobe
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
HTML5 vs native: Harry Coder and the mudblood mobile app princes
Developers just want their ideas to generate money
prev story

Whitepapers

Go beyond APM with real-time IT operations analytics
How IT operations teams can harness the wealth of wire data already flowing through their environment for real-time operational intelligence.
Why CIOs should rethink endpoint data protection in the age of mobility
Assessing trends in data protection, specifically with respect to mobile devices, BYOD, and remote employees.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Protecting against web application threats using SSL
SSL encryption can protect server‐to‐server communications, client devices, cloud resources, and other endpoints in order to help prevent the risk of data loss and losing customer trust.