Protect Source Code From Developers

We got 54 software developers, they are working in ERP solution.
Is there any (technical ) way to protect our code during development so that if a developer leaves the company at least unable to access files not in his domain of development?

We already protect the code legally, we are looking for technical way (only).

is TFS helps?
Who is Participating?
pritamduttConnect With a Mentor Commented:
I would suggest you to implement a Source Code Control System Such as SVN/VSS/ Team foundation Server to implement such a mechanism.

This will help you achieve following:
1. Version of entire source code
2. Specifying permissions to who can access what piece of code etc.

This will help in a longer run, if not already implemented!

Read more about Team Foundation Server, Subversion, Git

Hope this helps.
ethar1Author Commented:
That protect the dll from decompile.
The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

Here is one such tool, you already have community edition of this product as part of Visual Studio.
jagrut_patelConnect With a Mentor Commented:
"... if a developer leaves the company at least unable to access files.."?
I am not able to understand how a developer who is no longer on you team can access a source code file which, I guess, is residing in your company's private network.

If what you mean is to protect the binaries than as others mentioned obfuscation can help.

Source Control systems can help you manage which developers can 'commit' (edit and save) which files. If some developer leaves, you can revoke rights of that developer from Source Control system.
ethar1Author Commented:
what if copy the complate source code?
ethar1Author Commented:
pritamdutt, using TFS, will allow to compaile all project and run it for test but not access all codes?
madginoConnect With a Mentor Commented:
If all developers need to compile the full project (which is usually the case) then you can't do nothing as in order to compile they must be able to read it and if they can read it they can copy it.

Otherwise maybe a smart Source Control system can decline access to some files and allow to others. If you go this way maybe you can split the project in multiple modules and grant each team access to only a specific module which can compile self-alone but it's not useful enough for the functionality point of view. Also maybe you can create some 'dummy' classes with no code that can be used for compiling the project and allow access to the full classes only to some developers.

Anyhow in my opinion the overhead overcomes the benefits.

With respect to your requirement of preventing an user from copying the source code using any of the following methods:
- Copy to External drive
- Copy to a personal email account

To address these scenarios you would require an excellent Data Leak Prevention Tool & Policy in place.

I am providing link of few such products for your review and further reading:
Code Green Networks
McAfee Data Protection Tools
Trust Wave

Hope this helps!
ethar1Author Commented:
Thanks for the links I will check it.
We stop access to usb & all drivers , and block the CD + monitoring all outgoing emails + not allowing emails more then 50kb + restrict access to internet.
But my question is how to prevent the developer from reading source code not related to his job ?
To prevent a user from reading unrelevant source code.. Configure a source code control system with strict access control.

Which means, you would not be giving the developer permission to access irrelevant code.

Hope this helps!
richard_hughesConnect With a Mentor Commented:
Hello ethar1

The only real way to protect your source code is by following methods like this. These methods would stop the developer copying the code for themselves:

1) Not allowing any personal laptops/computer being brought into the development lab
2) No use of USB sticks etc...
3) Strictly monitor internet access so that the source code cannot be uploaded
4) Disallow emails to any email address but authorized addresses so that the source code cannot be emailed

But I am afraid that it is not 100% possible to protect your source code, as the developer can always remember the code. Enforcing the developer to sign an NDA may help here though.


Richard Hughes
ethar1Author Commented:
pritamdutt, if I restrict access to irrelevent code, the developer can run the whole application?
richard_hughes, We already apply all that and more. the problem that the developer may read the code and memorize it.
The concept we are look for is no developer access any code not built by him.
in same time he can run the whole application for testing.
Hi ethar!

Generally in a large scale modular application such as yours a test/developer needs to have only reference to Function Definitions, and not the whole source code.
They can use the compile DLLs of the other modules to performs tests

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.