I've recently commenced working with a new company and have a bit of an ethical dilemma.

Basically, my client has an existing program that has been written by a third party. The 3rd party has not handed over the source code even though the client insists that all Intellectual property is the property of the client (they paid a substantial sum for what is basically a 'menu' program that kicks off a number of other programs, some of which are the subject of my dilemma).

While they can take the legal route to recover the source code (and I'm confident that they will win in court), this could take years. The problem is that the program is buggy, as are the other programs that the 3rd party have written.

My client wants me to find a disassembler and use it to figure out what these programs actually do, so that I can rebuild & maintain the program(s).

My dilemma is this:

(1) If I use a disassembler, would I be leaving myself open to litigation from the 3rd party? If so, I assume that the result of that would be dependant on my client taking court action against the 3rd party - and if they don't, I guess that I would be liable?

(2) There are no specs currently in the possession of my client - so if I go ahead and rebuild the program (without using a disassembler), and I happen to miss something (trigger perhaps?), would I be liable?

What course should I take here?

If all that your client says is indeed true, then I do not really see an ethical problem -- at least nothing that violates my personal ethics. However, since it sounds like you are a contractor and are not a regular staff employee of your client, then you could be openning yourself to possible litigation by using a disassembler and messing with the code. Personally, I would refuse to do the project. But if you still want to, I would contact a lawyer (a copyright lawyer familiar with software licensing would be preferable).

Good luck whatever you choose to do.

- Kevin

P.S. Dissassembled applications are usually very difficult to follow and I wouldn't want to touch them unless I was paid very, very well.

totally aside from the legal ramifications (which I personally wouldn't worry about under the circumstances you describe), the fact is that disassembling any kind of significant application and attempting to use the result is VERY likely to take far longer than just rewriting the app. This is true in general, but for VB apps, it is even MORE true because of the messiness of constantly having to figure out whether a function call is to a standard windows API function, that you DON'T have to worry about, or to one that the programmer built, which you DO have to worry about.

Thanks for the replies so far - I think I need to put a little more info out there.

The application is basically a database front end, where the database is basically a heap of tables containing logistics info.

The program moves data around the tables after selecting certain bits according to the info that the user inputs (this much we know).

What we don't know, is whether tables are affected other than direct table inserts to the OBVIOUS tables (ie xxxNow and xxxHistory etc). There are no triggers or stored procs on the database (other than the ones I've written), so it seems like it does everything from the front end.

We are rebuilding the app, and were hoping that a disassembler might clue us in to anything 'funky' that the original program was doing - like inserts into a table that is less than obvious....

Oh - yes, I am a contractor!

Personally, I still wouldn't want to touch the project until the legal stuff was cleared up. There is just too much to risk for you, since as a contractor you are the buisness. I believe that means that your personal assets can be at risk if someone decides to take out a suit against your buisness. (Do you want to risk your home, your car, everything you have for this project?) Of coarse I don't know your exact circumstances. Perhaps this is not just some customer -- but a customer that has been very good to you over a long period of time and you do not want to drop them as a client. It is difficult to offer the right advice since they don't know all the circumstances. Though I would still contact a lawyer before doing anything. Or you may want to look into whether any buisness insurance you have would cover a lawsuit brought against you. Or you may want to have a lawyer write up a contract showing that your client would take all responsibility for any lawsuits. Whatever you do, be wise about how you do it!

Good luck!

- Kevin

[Moved thread]

It seems that the decision has been made for me - we're going to continue down the path of rebuilding the app without using a disassembler.

Thanks for the replies - although I was a little disappointed that everything centered around legal liability rather than ethical discussion, I guess that's because of the way I phrased the original post.

It did not seem like either of us thought that it was unethical to do (so long as what your client said was the truth).

I guess that's the crux of the matter...do I trust the client enough?

Personally, I can't see why they're not taking legal action to recover the source - it seems to me like they have an extremely good chance of winning IF they're telling me the truth.

If the database is something standard and is accessed only with SQL inside the 3rd party app, you could check the program's contsant strings to get a feel for what type of queries they do. Results may vary.

Another thing would be, if the 3rd party program can connect to ODBC, to write a small ODBC driver and intercept the queries that get passed back and forth when doing some specific things in the UI. Results may vary again.

Then again, this may all be overkill. If you sufficiently understand what the UI is supposed to do and how the data is supposed to get acted on, you would not need to do this kind of stuff.

As far as the ethical question goes, I would not consider disassembling as a problem for myself. The results of the disassembler are pretty bad anyhow and it's not like you intend to do binary patches against the executable (which I consider quite iffy). Of course, in the end, ethics and legal issues are two very different animals, and we live in a world where legal stuff is pretty much the only important one out of the two.

"Ethics at home, legality at work" ^^

Originally posted by Twodogs
Personally, I can't see why they're not taking legal action to recover the source - it seems to me like they have an extremely good chance of winning IF they're telling me the truth. This is the type of thing that is usually more indicative than we usually realize. If it does not make sense like that then there likely is a reason to be concerned.

I think the legal and technical issues determine the ethical considerations and if so then that is why there is so little emphasis on the ethical considerations.

Rewriting the application is certainly a good idea. I hope the customer understands the benefit of good specifications. I think you said they don't have good specifications and that is a mistake. They should have gotten good specifications first before contracting for the specifications to be converted to code. If specifications are good enough then writing the code is relatively easy. I really think that more emphasis needs to be put on the specifications. Management often wants to avoid the cost of developing specifications but it often can save a lot in the long run. Good specifications should include test cases and a test plan that is used to determine if the application works as expected.

One additional consideration is that if the code is not disassembled and if the previous version is not used then it might be possible for your customer to get their money back. If not then they would save a lot of money by learning from the experience and just ensure they don't make so many mistakes in the future.

Specifications...um..what specifications???

They have verbal specifications, and "I think its supposed to put this info into that table"

Oh....the life of a programmer :)