[skipkey]

The lawsuit is linked in the post. I didn’t read the whole thing, but skimming, the smoking gun seems to be that an implementation of Splunk’s S2S protocol was posted to his personal GitHub while he was still an employee. They claim that the header files just had the Splunk copyright notices removed, but just being a re-implementation of the objects wouldn’t surprise me. Depending on the jurisdiction that might matter.

There are also various copyright claims on things in manuals, plus claims that they infringed numerous patents.

All in all, it sounds pretty bad, but lawsuits almost always do. I would wait to read the responses before coming to any conclusions.

[ec109685]

Pretty poor that S2S is a proprietary protocol to begin with.

[PanosJee]

From the lawsuit:

Although Splunk provides HEC for third parties to use, Splunk maintains other aspects of its software as proprietary. One example of such proprietary software is the “S2S” protocol. S2S stands for “Splunk-to-Splunk,” and this is software that Splunk itself uses to send data to, or receive data from, Splunk Enterprise and other Splunk software and technologies. Splunk does not support use of S2S by third parties, does not publish S2S’s source code, and does not document S2S in a manner that facilitates third-party use of this protocol.

[ec109685]

I still think that is poor form.

[PanosJee]

I don't think Splunk claims will hold in court. As said running Wireguard would too just fine.

Mr. Sharp posted a derivation of Splunk’s proprietary and confidential S2S source code to his personal github webpage (a publicly accessible website for sharing source code). Mr. Sharp named this derived code “go-S2S.”