Splunk alleges rival Cribl stole its source code for profit, files lawsuit
The data platform's complaint alleges a years-long campaign of misappropriated technical information led by a former employee
Data platform company Splunk has filed a lawsuit against rival Cribl, alleging that its CEO and other employees stole source code and technical secrets for its own advantage.
Splunk alleged that former employee Clint Sharp, who left the company in 2017, took code without permission that he then used when he co-founded Cribl the same year.
Additionally, it claims that since its formation Cribl has illegally sourced technical documents from outgoing Splunk employees in order to undermine the company.
“Mr Sharp founded Cribl using code he intentionally and unlawfully took from Splunk when he was a Splunk employee without a licence or permission to do so,” read the complaint.
“Since that time, Cribl and Mr Sharp have recruited numerous Splunk employees to Cribl, and have systematically encouraged employees to take Splunk’s confidential technical and business documents with them. In turn, Cribl has used the information it misappropriated to compete unfairly against Splunk.”
In a blog post, Splunk alleges that it attempted to settle the matter privately, but that this was unsuccessful. It characterises Cribl’s actions as a “coordinated campaign of misappropriation” and claims that the company used Splunk’s Technology Alliance Partner (TAP) programme to further its theft.
After launching in 2017, Cribl joined the TAP program, an agreement that allows partners to add to Splunk’s Enterprise platform, through the use and limited copying of Splunk software.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
However, the TAP program agreement states that partners may only use the software to demonstrate the use of extensions with the software and to develop extensions further. Using copies of the software to determine source code would constitute a violation of the terms of agreement.
"The allegations in Splunk’s lawsuit are false, and we will defend against these baseless claims," Cribl stated in a blog post.
"We have built interoperability using our own hard work and open source implementations, such as Eventgen. While Splunk tries to stifle competition through litigation, we will keep our relentless focus on our customers to give them choice and control over their data."
Splunk has requested an injunction against Cribl, Clint Sharp and all associated Cribl entities, from further infringing Splunk copyrights. It has also requested an accounting of the profits that Cribl has made from the activity and subsequent damages. The company has requested a trial by jury.
"Proving infringement of copyright in source code, as Splunk is alleging here, tends to be difficult," said Michael Buckworth, founder at UK law firm Buckworths. "A former employee would be incredibly foolish to use a carbon copy of code he has misappropriated; rather he would likely recode the software to deliver substantially similar functionality.
"New code achieving the same outcome as existing code is unlikely to infringe copyright in existing code leaving the damaged party to look at patent infringement or breach of contractual obligations," he added.
"Splunk may believe that they can prove each allegation that they have made with the result that they could secure significant damages from Cribl, or even have it shut down.
"Alternatively, this may be a strategic move to dry up investment and other financial support in Cribl. There is nothing that will turn off investors more than a high-profile IP dispute! Either way both parties will now need to prove their position and live with significant costs if they fail.”
Splunk operates in more than 21 regions internationally, providing customers with a suite that provides oversight over their data and allows them to conduct big data analytics. It also aims to improve observability across multi-cloud environments. Last year it announced a new cloud security suite in addition to its other offerings.
Cribl supplies data management solutions to its customers, aiming to provide data flexibility and stack observability. Its service Cribl Stream is used by DevOps engineers and other industry professionals in order to process data in real time, supply context to data, and encrypt sensitive fields.
IT Pro has approached Splunk for comment.
This article has been updated to include a statement from Cribl.
Rory Bathgate is Features and Multimedia Editor at ITPro, overseeing all in-depth content and case studies. He can also be found co-hosting the ITPro Podcast with Jane McCallion, swapping a keyboard for a microphone to discuss the latest learnings with thought leaders from across the tech sector.
In his free time, Rory enjoys photography, video editing, and good science fiction. After graduating from the University of Kent with a BA in English and American Literature, Rory undertook an MA in Eighteenth-Century Studies at King’s College London. He joined ITPro in 2022 as a graduate, following four years in student journalism. You can contact Rory at rory.bathgate@futurenet.com or on LinkedIn.