A federal judge Tuesday dismissed Apple’s copyright infringement lawsuit against cybersecurity startup Corellium in a case which could have implications for researchers who find software bugs and vulnerabilities.

Judge Rodney Smith said Apple failed to show a legal basis for protecting its entire iOS operating system from security researchers.

Apple sued the Florida-based startup in 2019 claiming its “virtualization” of iOS software constituted copyright infringement.

But the judge ruled that Corellium’s work, which is designed to find security holes in the software, was “fair use” of copyrighted material.

“From the infancy of copyright protection, courts have recognized that some opportunity for fair use of copyrighted materials is necessary to fulfil copyright’s purpose of promoting ‘the progress of science and useful arts,'” Smith wrote.

“There is evidence in the record to support Corellium’s position that its product is intended for security research and, as Apple concedes, can be used for security research. Further, Apple itself would have used the product for internal testing had it successfully acquired the company.”

The ruling, if upheld, represents a victory for security researchers who could face civil or criminal penalties for reproducing copyrighted software as part of efforts to find vulnerabilities.

It also limits Apple’s efforts to exercise full control of its iPhone software and its ability to force third parties to use its proprietary security research tools.

Apple did not immediately respond to a request for comment on the case.