Patrick Wardle has a problem — his code keeps turning up in commercial software projects without his permission.
Wardle is a Mac security expert who previously worked at the NSA and NASA. He’s also the founder of the Objective-See Foundation, an organization with a focus on open-source macOS security tools. Unfortunately, according to The Verge, Wardle’s code has made its way into at least three commercial software projects without any credit or compensation being given to him.
As Wardle points out, few small developers have the resources, ability, or expertise to ascertain if their code has been stolen. Wardle’s unique skill set, however, put him in a position to do just that.
“I was only able to figure [the code theft] out because I both write tools and reverse engineer software, which is not super common,” Wardle told The Verge. “Because I straddle both of these disciplines I could find it happening to my tools, but other indie developers might not be able to, which is the concern.”
Wardle plans to present his findings at the Black Hat cybersecurity conference on Thursday, where he will discuss them with Johns Hopkins University cybersecurity researcher Tom McGuire.
Interestingly, Wardle doesn’t plan to out the companies that stole his code, as he believes the theft was probably the work of a single developer within each company rather than an organization-wide decision. In addition, all three companies he approached were very open, acknowledging the theft and taking steps to rectify the situation, including paying for the code or donating to his foundation.
The bigger concern, however, is the state of indie software development in general. While Wardle may have the skill set necessary to determine when his code is being stolen, the vast majority of small developers do not, opening the door to widespread abuse.