Solved

How do companies protect source code?

Posted on 2016-10-14
4
62 Views
Last Modified: 2016-10-21
If I've built an SaaS app in PHP, and am now hiring other developers, how can I ensure that the source code is not stolen?
0
Comment
Question by:Stephen Forlance
4 Comments
 
LVL 108

Accepted Solution

by:
Ray Paseur earned 250 total points
ID: 41844428
Hire only developers you trust!  Write strong contracts and be prepared to spend the money to enforce the contracts.  Have good lawyers.  Segregate the components on well-defined interfaces and only assign programmers to single components.

When companies protect source code, they often use obfuscators like Zend Guard.  But more and more programs are being put into open-source, or housed in a cloud environment and offered as a service.  It's usually the data that matters, rather than the code.  Most of us can see the action of the service and quickly envision how to write the code that "just does that."
1
 
LVL 24

Assisted Solution

by:Dr. Klahn
Dr. Klahn earned 125 total points
ID: 41844453
Given the generosity of compilers with code size these days, it's hard to protect source code when running a dynamic debugger against the code reveals the source.

Everyone has a price.  All it takes is for one of your competitors to find the price of one of your employees.  A million dollars is not as much as it used to be, but for some people it's enough.  If you hire H1-B employees, it's enough to buy a dozen of them.

Therefore:  IBM and the BUNCH knew a long time ago that it's more profitable to sell the service, not the code.  You can sell a service contract over and over again, every year.
0
 
LVL 52

Assisted Solution

by:Julian Hansen
Julian Hansen earned 125 total points
ID: 41844464
Developers on big projects usually only get to see a part of the codebase they are contributing to. In most cases code snippets on their own are not enough to be worth stealing - and I have always maintained if the code was developed by the developer - he does not need to steal it as it is already in his head. This does not cover other code or intellectual property that the developer did not author.

As Ray mentioned trying to lock down Web code is not really feasible. Your USP should be your business model, partnership agreements, data and customer base. There is not much you can do as a web developer that cannot be copied by just looking at what the code does. Much of the interface exists in the browser these days anyway in the form of JavaScript.

There are instances however, where you have developed IP that resides on the server that has value - and is not obvious from the browser side. At the end of the day you are going to have to trust someone. A legal document discourages theft - it cannot prevent it.

Most top developers are professionals - who have spent many years plying their trade - it is unlikely they are going to compromise that.

Having said that - we do work for film production companies and some of them can be really strict about how you handle their post production material. The legal contracts are a given but you also have to prove that your environment is secure. USB ports must be disabled. All internet connectivity is through a proxy that allows only certain traffic to and from specified destinations. You are not allowed to bring phones or cameras in to the work space. You cannot have access to your normal email or normal web services. And in some extreme cases you are searched on arriving and leaving the office. Not sure how many software companies do this - but it is an option.
0
 
LVL 25

Expert Comment

by:madunix
ID: 41845423
Get a trusted people;  make sure you have nondisclosure agreement (NDA), to protect the confidential information from being disclosed.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Site hacked - decoding the PHP? 15 60
hiding/removing php extension - best practice 4 24
test if query has no results 2 19
Problem sending file attachments 8 23
Learn by example how to specify CSS selectors for Selenium WebDriver test automation software.
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

27 Experts available now in Live!

Get 1:1 Help Now