Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

How do companies protect source code?

Posted on 2016-10-14
4
75 Views
Last Modified: 2016-10-21
If I've built an SaaS app in PHP, and am now hiring other developers, how can I ensure that the source code is not stolen?
0
Comment
Question by:Stephen Forlance
4 Comments
 
LVL 109

Accepted Solution

by:
Ray Paseur earned 250 total points
ID: 41844428
Hire only developers you trust!  Write strong contracts and be prepared to spend the money to enforce the contracts.  Have good lawyers.  Segregate the components on well-defined interfaces and only assign programmers to single components.

When companies protect source code, they often use obfuscators like Zend Guard.  But more and more programs are being put into open-source, or housed in a cloud environment and offered as a service.  It's usually the data that matters, rather than the code.  Most of us can see the action of the service and quickly envision how to write the code that "just does that."
1
 
LVL 26

Assisted Solution

by:Dr. Klahn
Dr. Klahn earned 125 total points
ID: 41844453
Given the generosity of compilers with code size these days, it's hard to protect source code when running a dynamic debugger against the code reveals the source.

Everyone has a price.  All it takes is for one of your competitors to find the price of one of your employees.  A million dollars is not as much as it used to be, but for some people it's enough.  If you hire H1-B employees, it's enough to buy a dozen of them.

Therefore:  IBM and the BUNCH knew a long time ago that it's more profitable to sell the service, not the code.  You can sell a service contract over and over again, every year.
0
 
LVL 55

Assisted Solution

by:Julian Hansen
Julian Hansen earned 125 total points
ID: 41844464
Developers on big projects usually only get to see a part of the codebase they are contributing to. In most cases code snippets on their own are not enough to be worth stealing - and I have always maintained if the code was developed by the developer - he does not need to steal it as it is already in his head. This does not cover other code or intellectual property that the developer did not author.

As Ray mentioned trying to lock down Web code is not really feasible. Your USP should be your business model, partnership agreements, data and customer base. There is not much you can do as a web developer that cannot be copied by just looking at what the code does. Much of the interface exists in the browser these days anyway in the form of JavaScript.

There are instances however, where you have developed IP that resides on the server that has value - and is not obvious from the browser side. At the end of the day you are going to have to trust someone. A legal document discourages theft - it cannot prevent it.

Most top developers are professionals - who have spent many years plying their trade - it is unlikely they are going to compromise that.

Having said that - we do work for film production companies and some of them can be really strict about how you handle their post production material. The legal contracts are a given but you also have to prove that your environment is secure. USB ports must be disabled. All internet connectivity is through a proxy that allows only certain traffic to and from specified destinations. You are not allowed to bring phones or cameras in to the work space. You cannot have access to your normal email or normal web services. And in some extreme cases you are searched on arriving and leaving the office. Not sure how many software companies do this - but it is an option.
0
 
LVL 25

Expert Comment

by:madunix
ID: 41845423
Get a trusted people;  make sure you have nondisclosure agreement (NDA), to protect the confidential information from being disclosed.
0

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
When crafting your “Why Us” page, there are a plethora of pitfalls to avoid. Follow these five tips, and you’ll be well on your way to creating an effective page.
The viewer will learn how to dynamically set the form action using jQuery.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

790 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question