Secrets are no fun but sometimes they're necessary.



Stack Exchange
This Q&A is part of a weekly series of posts highlighting common questions encountered by technophiles and answered by users at Stack Exchange, a free, community-powered network of 100+ Q&A sites.

abel is in the early stages of developing a closed-source financial app within a niche market. He is hiring his first employees, and he wants to take steps to ensure these new hires don't steal the code and run away. "I foresee disabling USB drives and DVD writers on my development machines," he writes. But will that be enough? Maybe a better question is: will that be too much?

See the original question here.

Trust goes a long way

ChrisF Answers (34 votes):

You need to trust your developers.

Virtually all professional developers won't steal your source. It's understood that if you work for somebody else, the employer owns the code that you write. Devs might copy code for reference purposes, but it's highly unlikely they will offer it for sale to anyone else. Getting caught isn't worth the risk.

More so, distrust breeds distrust. Disabling USB ports and DVD writers will engender a feeling of distrust which will, paradoxically, make it more likely that the developers will copy the code.

By all means add a secrecy clause to your contract, but it's probably unnecessary to highlight it as the most important part of the contract.

Who would buy on the black market?

Bob Murphy Notes (17 votes):

Also, in the real world, third parties don't want stolen code. The risk is too great. Back when Informix and Oracle were duking it out for the enterprise relational database market in the mid-90s, one of Informix's developers quit to join Oracle (which was quite common), and took a hard drive full of Informix source with him (which wasn't). He told his new boss at Oracle, expecting a warm welcome, but instead he got a security team and an arrest. Then Oracle security called Informix security, and the hard drive went back to Informix without anyone from Oracle having looked at it.

Related: "How to prevent code from leaking outside work?"

Find a third-party solution

Cliff (2 votes):

As others have mentioned, this primarily seems to be a people concern.

However, there are a number of major security vendors who market software solutions to data leaks:

  • http://www.symantec.com/data-leak-prevention
  • http://www.mcafee.com/us/products/total-protection-for-data-loss-prevention.aspx
  • http://www.trendmicro.com/us/enterprise/data-protection/index.html
  • http://www.cisco.com/en/US/netsol/ns895/index.html
  • http://www.emc.com/security/rsa-data-loss-prevention.htm

I can't comment on their effectiveness or appropriateness as I have limited experience with these solutions, but just thought that it might be helpful to point this out. Feel free to edit this answer with additional software solutions to data leaks.

Your employees are your real resource

GrandmasterB Answers (34 votes):

If these programmers can write the software in the first place, then...

THEY DON'T NEED TO STEAL IT.

They can simply rewrite it in a fraction of the time it took to originally develop it. Yes, it's true, developers aren't complete idiots... once they figure out how to do something, they can often remember how they did it.

So, I guess you're just going to have to trust them, or else write the software yourself.

Find more answers or leave your own at the original post. See more Q&A like this at Programmers, a site for conceptual programming questions at Stack Exchange. And of course, feel free to log in and ask your own.
