Legal risks of using undocumented API

Date: August 2003

Snippet
From: Scott Harrison Sent: Friday, August 08, 2003 5:54 PM To: Michael Halcoussis; Mark Hanson (DMD); Rick Prologo Cc: Linda Averett; Chadd Knowlton Subject: RE: Crescent setup...


 * I did have a discussion with GeneB this week who's taking over compliance related matters from cmeyers. He did mention there were risks associated with using undocumented API’s in future releases from those that have previously been granted exception under security clause of the settlement agreement.


 * The recommendation is to not use undocumented api’s or to document the apis. We can’t document this particular API, the WFP api, since it’s a back door to WFP and that means anyone could effectively bypass WFP. (say with a virus or a Trojan app) ..

From: Michael Halcoussis Sent: Thursday, August 07, 2003 1:54 PH To: Scott Harrison; Mark Hanson (DMD); Rick Prologo Co: Linda Averett; Chadd Knowlton Subject: RE: Crescent setup...


 * Scott as we discussed you are looking into the legal reasons why we still might do this work.

From: Scott Harrison Sent: Tuesday, August 12, 2003 8:30 PM To: Nichael Halcoussis; Theresa Venhuis Subject: FW; Crescent setup...

To discuss Linda’s questions with you:


 * Re SPAD: .. The risk is at some point in the future a 3rd party could register for the shell task and when set wrap as the "default" player via SPAD we don’t re-register for the shell task feature. Really this is not a violation of the agreement but it means we are not being as aggressive about re-asserting as the default handler ..

Full Exhibit
http://boycottnovell.com/wp-content/uploads/2009/01/px08624.pdf