Feeds

Lawsuit says Oracle pilfered source code from competitor

Tables turned on Ellison

3 Big data security analytics techniques

Oracle – which recently won $1.3 billion in court damages for the theft of its trade secrets by an SAP subsidiary – faces a $100 million lawsuit alleging it engaged in similar behavior.

The complaint (PDF), filed in late December by Texas software company 2FA Technology, claims Oracle executives turned a blind eye when security company Passlogix stole source code for strong authentication and credential management software. Oracle went on to acquire Passlogix in November for $42 million and continues to sell rebranded Passlogix software containing the misappropriated code, the lawsuit alleges.

“Oracle's actions were done with the deliberate intent to injure 2FA's business, impede 2FA's recovery of its stolen property, and improve its own commercial advantage,” the complaint states. “By reason of the foregoing, 2FA has been damaged as a result of Oracle's illegal actions in amounts that will be determined at trial, but believed to be more than $10,000,000, plus interest.”

Including punitive damages, 2FA is seeking more than $100 million.

According to the 31-page complaint, Passlogix stole thousands of pages of trade secrets and hundreds of thousands of lines of source code after licensing 2FA's technology for credential management systems. Passlogix eventually used the code in its v-GO UAM product line, “in direct violation of the license agreement's non-compete and exclusive source provisions.” Oracle in turn folded it into its Oracle Enterprise Single Sign-on offerings.

According to 2FA, the license agreement expressly barred Passlogix from marketing its own credential management system. 2FA made the technology available to Passlogix under tightly restricted conditions, including provisions that allowed only programmers to see the code and secured servers that logged each person who accessed it. Despite the prohibitions, Passlogix Product Manager Gregory Simeone in July 2006 sent an email to many employees who had no required to access the source code. The material contained almost 100,000 pages worth of intellectual property and “hundreds of thousands of lines of source code.”

In April 2007, Passlogix presented its own credential management solution to a third-party prospect. In March of last year, the company released v-GO UAM and granted more than 10 million free licenses to a related product. In October, when Oracle announced its intention to acquire Passlogix, it cited customers' need to “provide stronger authentication mechanisms while reducing the number of passwords required." On the day of the announcement, Oracle's market capitalization spiked by more than $1 billion.

2FA's allegations in many ways resemble a case Oracle brought against SAP subsidiary TomorrowNow three years ago. In November, around the same time it was acquiring Passlogix, Oracle won a $1.3 billion jury verdict in the case and since pursued interest on that amount. ®

SANS - Survey on application security programs

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Batten down the hatches, Ubuntu 14.04 LTS due in TWO DAYS
Admins dab straining server brows in advance of Trusty Tahr's long-term support landing
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
Internet-of-stuff startup dumps NoSQL for ... SQL?
NoSQL taste great at first but lacks proper nutrients, says startup cloud whiz
Windows 8.1, which you probably haven't upgraded to yet, ALREADY OBSOLETE
Pre-Update versions of new Windows version will no longer support patches
Microsoft TIER SMEAR changes app prices whether devs ask or not
Some go up, some go down, Redmond goes silent
Red Hat to ship RHEL 7 release candidate with a taste of container tech
Grab 'near-final' version of next Enterprise Linux next week
Ditch the sync, paddle in the Streem: Upstart offers syncless sharing
Upload, delete and carry on sharing afterwards?
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.