Oracle's search for a smoking gun to prove the truth of its allegations that rival SAP stole its software is likely to be long and arduous, making an out-of-court settlement attractive for both parties.
A day after SAP unexpectedly admitted in a court filing that a subsidiary had improperly downloaded software from Oracle, computer security experts said Oracle would need to do much more to push its case far further.
SAP said on Tuesday its TomorrowNow subsidiary, which provides services for customers using Oracle legacy software, had in some cases carried out "inappropriate" downloads of support materials from an Oracle site using customer log-ins.
But it denied Oracle's more serious claim that SAP itself took advantage of this practice to assemble a library of illegally acquired Oracle software. SAP says firewalls prevented it from accessing the material held by TomorrowNow.
"Technologically, yes, SAP could be blocked from accessing that information," said Graham Cluley, senior technology consultant at IT security firm Sophos. "But you'd really need a third party to go in and see how the firewalls were configured."
The search would then be on for evidence SAP had actually accessed any stolen software code.
"It would be a long and painstaking investigation," said Edward Wilding, chief technology officer at computer-crime investigation company Data Genetics International (DGI).
"It can take anything from a month right through to several years, depending on the extent of the alleged misappropriation."
"Normally you're looking for an out-of-court settlement because if it goes to court it's more expensive," he added.
SAP said on Tuesday it would be willing to consider settling the case. Oracle declined to comment.
"The smoking gun would be to find it on SAP's own servers within their organization. That's the piece of evidence which Oracle would really need," said Sophos's Cluley.
"I imagine SAP would have hundreds of thousands of computers so it wouldn't be a trivial matter."
After examining information such as audit trails and firewall logs that a court might order SAP to hand over, a search might begin by searching the company's email archive to identify individuals involved.
If any such individuals were found--which would make the investigation simpler--the search would then broaden out initially to those people's computers and the areas to which they had access.
DGI's Wilding said such cases of corporate industrial espionage were unusual, with most cases concerning individuals, often ex-staff, stealing data from the company where they work.
"It's quite rare to get a case of wholesale software or code misappropriation," he said. "Generally speaking, the software houses understand the rules."
"I don't think for one minute that SAP would willingly have put themselves in the position they find themselves in."