Microsoft Refuses Comment on Code Vetting After Juku Apology

Microsoft refused to comment to eWEEK about its internal code-vetting procedures after two incidents in November and December involving plagarized code.

In the November incident, Microsoft apologized for what it called a third-party vendor improperly incorporating open-source code into a Windows 7 download tool. In the December incident, Microsoft again apologized after it found that code from another company’s application had been integrated into Juku, a microblogging program being developed for MSN China.

The Juku incident came a week after Microsoft posted a revamped version of its free Windows 7 USB/DVD Download Tool (WUDT), which had been pulled from the online Microsoft Store in November over allegations that it contained improperly copied open-source code.

Microsoft had originally removed the WUDT on Nov. 11, after claims that the program incorporated code from the GPLv2-licensed ImageMaster project without proper acknowledgment. The ImageMaster project, hosted on CodePlex, was described on its site as "a .Net C# application for reading and writing disc images."

Those claims originated from blogger Rafael Rivera, who concluded in a Nov. 6 posting on his Within Windows blog that the WUDT’s source code had been "obviously lifted from the CodePlex-hosted (yikes) GPLv2-licensed ImageMaster project." Rivera reached this conclusion after a deep-dig into the tool’s method names and properties.

On Nov. 13, Microsoft acknowledged that open-source code had, indeed, been improperly used to create the WUDT.

"While we had contracted with a third party to create the tool, we share responsibility as we did not catch it as part of our code review process," Peter Galli, open-source community manager for Microsoft’s Platform Strategy Group, said in a statement published that day on Port25, which bills itself as a communication portal for the open-source community within Microsoft. "We had furthermore conducted a review of other code provided through the Microsoft Store, and this was the only incident of this sort we could find."

According to Microsoft, the revamped version of the WUDT falls under the umbrella of the GNU General Public License Version 2 (GPLv2).

Microsoft told eWEEK at the time that Galli’s statement would be the only one delivered about the plagiarism. However, the company found itself dealing with a similar incident this week with Juku.

Described by Microsoft as "developed by a Chinese vendor for our MSN China joint venture," Juku is a microblogging service launched in beta in Nov. 2009. Immediately upon its release, Taiwanese bloggers apparently noted the similarities between the Chinese application and Plurk, a microblogging service based in Taiwan.

A few weeks later, Microsoft said that it had investigated those claims, finding that Juku had indeed plagiarized Plurk’s code. As a result, it said, access to Juku beta had been suspended indefinitely.   

"The vendor has now acknowledged that a portion of the code they provided was indeed copied," Microsoft said in a statement published on its Website on Dec. 15. "This was in clear violation of the vendor’s contract with the MSN China joint venture, and equally inconsistent with Microsoft’s policies respecting intellectual property."

Microsoft’s statement described how its corporate practice "is to include strong language in our contract that clearly states the company must provide work that does not infringe the intellectual property rights of others." The company suggested that it would use the incident as a teachable moment, and examine its practices surrounding applications code from third-party developers.

When eWEEK asked Microsoft about its current corporate policies for reviewing code for applications, the company responded with a firm "no comment."

"Unfortunately we do not have any further information to share at this time beyond what we have available online at PressPass," a Microsoft spokesperson told eWEEK, referring to the company’s original Juku apology. "I apologize for any inconvenience this may cause you."

Plurk suggested in a Dec. 14 blog posting that, while imitation may be the sincerest form of flattery, the company was decidedly not amused by their code being lifted.

"Plurk was already Taiwan's biggest microblogging service, 10x bigger than Twitter in that market alone, and emerging as Asia’s answer to Twitter in many of the biggest countries in East [Asia]," said the posting, "so naturally Microsoft probably saw some potential in piggybacking off the success of our unique service and launching something similar in a related market like China."

That Plurk blog posting, which can be found here, also breaks down the two sites’ coding and aesthetic similarities. Plurk claims that some 80 percent of its client and product codebase had been "stolen" by Juku.