The Software IP Problem
Software companies face a unique IP challenge. Unlike physical inventions, software is:
- Easy to copy — source code can be duplicated in seconds
- Hard to date — file system timestamps are unreliable; Git dates are forgeable
- Incrementally developed — thousands of commits over years, no single “creation date”
- Often disputed — patent trolls, employee departures, contractor disputes, open source licensing conflicts
When a dispute arises — “who wrote this algorithm first?” or “when was this feature implemented?” — the company with better evidence wins. And “better evidence” means evidence that’s:
- Independently verifiable — not just internal logs
- Tamper-proof — not modifiable by anyone in the organization
- Precise — down to the exact file contents and timestamp
- Permanent — available years or decades later
Why Git History Isn’t Enough
Git is the standard for version control, and Git commits do have timestamps. But they have a critical weakness for evidence purposes:
git commit --date="2020-01-01T12:00:00" -m "Antedated commit"That’s it. Anyone can set a Git commit date to any value. Git’s author date and committer date are both user-configurable. Even GIT_COMMITTER_DATE can be overridden.
For internal development tracking, this doesn’t matter. For legal evidence, it’s disqualifying. An opposing counsel who mentions --date in their objection will significantly weaken your Git-based evidence.
GitHub timestamps are slightly better (they reflect when GitHub received the push), but GitHub is a centralized platform controlled by a single company. In theory, GitHub’s database could be modified. In practice, it’s probably reliable — but “probably reliable” isn’t the standard you want in court.
A blockchain timestamp provides the missing layer: independent, decentralized, cryptographic proof that your code file’s hash was anchored at a specific time.
Practical Workflows for Software Teams
Release timestamping
The highest-impact, lowest-effort approach. Timestamp your release artifacts at each version:
- Build your release (binary, archive, Docker image exported as tar)
- Timestamp the artifacts via the TimeProof API or dashboard
- Store the timestamp certificates alongside your release notes
This creates a verifiable release timeline. If someone claims their patent predates your v2.3.0 release, your blockchain timestamp proves otherwise.
Milestone timestamping
At significant development milestones — feature completion, architecture decisions, significant refactors — export a repository snapshot and timestamp it. This creates checkpoints in your development history that are anchored externally.
Algorithm protection
For novel algorithms or unique implementations that represent core IP, timestamp the specific source files. This is especially valuable before:
- Publishing a paper
- Open-sourcing a component
- Filing a patent
- Sharing with potential partners or investors
Compliance documentation
SOC 2, ISO 27001, GDPR, HIPAA — compliance frameworks require evidence of when policies, procedures, and controls were implemented. Blockchain timestamps create audit trail evidence that’s independent of your internal systems.
The Patent Troll Defense
Patent trolls (Non-Practicing Entities) file vague software patents and then sue companies that independently developed the same functionality. Your best defense is prior art: evidence that the claimed invention was already known before the patent’s filing date.
A timestamped code release that predates the troll’s patent filing is powerful prior art evidence:
- Exact file contents are locked by SHA-256 hash (the code can’t be questioned)
- The date is anchored by blockchain consensus (can’t be backdated)
- Anyone can verify (including the Patent Trial and Appeal Board)
For companies that might face patent challenges, timestamping releases is cheap insurance. A 100-credit pack covers 100 scheduled artifacts, and larger packs or monthly plans cover regular release trains without introducing a separate credit type.
Integration with CI/CD
For automated workflows, integrate TimeProof into your build pipeline:
# Example: timestamp release artifacts after build
- name: Timestamp release
run: |
# Hash the release archive locally
sha256sum dist/release-v${VERSION}.tar.gz
# Submit hash to TimeProof API
curl -X POST https://api.timeprooflabs.com/timestamp \
-H "Authorization: Bearer $TIMEPROOF_API_KEY" \
-d '{"hash": "'$(sha256sum dist/release-v${VERSION}.tar.gz | cut -d' ' -f1)'"}'This ensures every release is automatically timestamped without developer intervention. Use Scheduled mode for automated pipelines — the low-gas batch window is fast enough for release artifacts, and the 1-credit cost keeps bulk automation economical.
What to Timestamp
| Asset | When | Why |
|---|---|---|
| Release archives | Each release | Prove release dates for prior art |
| Core algorithm files | At creation/change | Protect unique IP |
| Architecture documents | At major decisions | Document design provenance |
| API specifications | At publication | Prove specification priority |
| Compliance policies | At adoption/update | Audit trail evidence |
| Security audit reports | At completion | Prove due diligence timeline |
| Patent-related documentation | Before filing | Prior art and invention timeline |
Cost for Software Companies
| Team Size | Typical Needs | Suggested approach | Credit planning |
|---|---|---|---|
| Startup (5-15) | Monthly releases + key IP | Starter plan or 100-credit packs | 100 credits covers 100 scheduled artifacts or 50 instant anchors. |
| Growth (15-50) | Weekly releases + docs | Pro plan | 500 credits/month supports regular scheduled batches and selective instant proofs. |
| Enterprise (50+) | Automated CI/CD + compliance | Business/Enterprise + API | 2,500-10,000 credits/month with lower LG cost on Business and free LG on Enterprise. |
For context: a single hour of patent attorney time costs $400-$800. A year of comprehensive code timestamping costs less than a single paragraph of patent opinion.