Using unlicensed code in your software - the perils of doing so

We once had an interesting situation in our group. Our group makes application software, which sells fairly well and is one of the leaders in its segment. One of the guidelines that we follow (to ensure that our software does not get into any of the patents mess that seems to occur from time to time) is to ensure that nobody takes any random code from somewhere without control. This policy ensures that the software is at low risk of having people challenge us later that we violated their patents, and a court action can threaten the revenues that we earn from the sales of the software.
Why is there a problem with picking up code from different places ? Well, you need to be careful of the licensing of the software that you are using. If you don't have the proper rights of the software you are using, then your revenues are in grave danger. Once we had a developer running into a problem with a software assignment, he searched for a solution, found a software, downloaded it, and started using it. Unfortunately in all this, he never told his manager or the project manager about what had happened.
Towards the end of the project, another developer was looking at a bug, and found a set of binaries that looked unfamiliar. And then the story unraveled. We were able to find a substitute, and it was good that we did so; the alternate was to be found using the software that had a term in the license whereby we were compelled to pay a $1 fee for every unit we sold. That would have have a huge impact to revenue, especially since the software only sold for $19 per unit.
And I have not even covered the problems of using software that is covered under open source or LGPL, which has significant issues of its own (and which I will cover in another post). Typically, what needs to be done can be covered in 2 major preventive steps:
1. Ensure that each developer knows the policy with regard to using licensed software, knows the process of requesting usage of new software, and knows the penalties for violating such policies.
2. Ensure that the entire code base is checked for any such code that could be termed as unlicensed code, such that you have eliminated a major risk.