Wow, this is a big event. Elastic has discovered that the makers of the open source Elastic Plugin for security features Search Guard copied and used their proprietary security code and is filing infringement lawsuits.
It came to our attention that the developers of Search Guard, a security plugin for Elasticsearch from floragunn GmbH, directly copied source code from our proprietary security features into their product. In looking deeper, we discovered a pattern of intellectual property theft that has apparently been going on for years.
So earlier today, we filed a lawsuit in the United States District Court for the Northern District of California against floragunn GmbH for copyright infringement and contributory copyright infringement.
Why else is this a big deal?. Open Distro security feature is almost entirely Searchguard and written by wait for it… floragunn.
From the Open Distro forum on security features.
Question from a user.
I’ve been looking through the code you have in your packages, and I see that most of what you have for authc/authz is based on Searchguard, however there’s no attribution to Searchguard.
Answer by AWS
Hi Mikael. The security features include contributions by floragunn (the makers of Search Guard) and you will see their copyrights on the source files. We have collaborated with them on bringing security features to Open Distro.
And follow up answer by Search Guard
We have helped AWS to bring security features to Open Distro for Elasticsearch. From our perspective Open Distro for Elasticsearch is a legitimate product.
CEO, floragunn GmbH
To be fair the press release from Elastic does not contain any reference to AWS or Open Distro. It is entirely possible that Open Distro contains no infringement on Elastic proprietary code even though their security features rely heavily on Search Guard.
But for years, thousands of Elastic users have been using Search Guard for security features in place of licensing from Elastic to get them.