Placing the Blame
Its hard to imagine how SAP could argue that TomorrowNow carried out the alleged activity on behalf of the PeopleSoft and JD Edward customers as part of its third-party support service, since Oracles licenses and the licenses of any other commercial software product bar the disclosure or transfer of software and documentation to any third party. The lawsuit also raises the question of whether some of Oracles customers or former customers could find themselves parties to this lawsuit if it can be proven that they gave TomorrowNow access to their Customer Connection log-on IDs and passwords.The lawsuit also calls into question the effectiveness of Oracles own Web security protocols, since the intruders found it so easy to log in to the site using obviously bogus IDs such as "Null" and "User" along with e-mail addresses such as "email@example.com." If intruders found it so easy to penetrate and plunder Oracles Web servers, what does this mean for the security of any software companys intellectual assets that are stored for easy customer access on the Internet? Perhaps Oracle should strengthen the security measures protecting its Web servers to prevent future intrusions and thefts. The complaint charges that SAP carried out more than 10,000 downloads between September 2006 and January 2007. Oracle is claiming that the intruders even took Oracle support documents that werent available "even to licensed, authorized customers or through normal access to Oracles Customer Connection system." Its clear that rather than block the expired and bogus customer accounts from accessing the Web sites, Oracle chose to quietly monitor and trace the activity to investigate who was doing it and why. The results are this lawsuit. If the charges are proved to be accurate, SAP could find it is embroiled in perhaps the largest and worst intellectual property theft case in history of the computer industry. It is inexplicable why SAP, a proud and respected software producer, would ever allow any of its employees or subsidiaries to engage in massive and systematic theft of software and documentation. We must all reserve judgment until SAP has an opportunity to answer the charges and defend itself in court. Surely all companies in the software industry must respect the sanctity of each others intellectual property rights. Its unimaginable that any company would knowingly take the chance of putting such devastating legal weapons into the hands of a such a fierce competitor as Oracle. But if it is true that people within SAP engaged in these purported systematic thefts, then the case is no different from any of the most egregious examples of identity theft and criminal fraud that have rocked the computer industry in recent years. In that case SAP would deserve whatever it gets. John Pallatto is a veteran journalist in the field of enterprise software and Internet technology. He can be reached at firstname.lastname@example.org. Check out eWEEK.coms for the latest news, reviews and analysis about productivity and business solutions.
The Oracle complaint alleges that the intruders used "expired or soon-to-expire" log-on credentials of Oracle customers to gain access to the Customer Connection Web site. A lot of people could be feeling the legal pinch of these charges as this suit grinds through the wheels of justice.