Solved

How do companies protect source code?

Posted on 2016-10-14
4
87 Views
Last Modified: 2016-10-21
If I've built an SaaS app in PHP, and am now hiring other developers, how can I ensure that the source code is not stolen?
0
Comment
Question by:Stephen Forlance
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 110

Accepted Solution

by:
Ray Paseur earned 250 total points
ID: 41844428
Hire only developers you trust!  Write strong contracts and be prepared to spend the money to enforce the contracts.  Have good lawyers.  Segregate the components on well-defined interfaces and only assign programmers to single components.

When companies protect source code, they often use obfuscators like Zend Guard.  But more and more programs are being put into open-source, or housed in a cloud environment and offered as a service.  It's usually the data that matters, rather than the code.  Most of us can see the action of the service and quickly envision how to write the code that "just does that."
1
 
LVL 27

Assisted Solution

by:Dr. Klahn
Dr. Klahn earned 125 total points
ID: 41844453
Given the generosity of compilers with code size these days, it's hard to protect source code when running a dynamic debugger against the code reveals the source.

Everyone has a price.  All it takes is for one of your competitors to find the price of one of your employees.  A million dollars is not as much as it used to be, but for some people it's enough.  If you hire H1-B employees, it's enough to buy a dozen of them.

Therefore:  IBM and the BUNCH knew a long time ago that it's more profitable to sell the service, not the code.  You can sell a service contract over and over again, every year.
0
 
LVL 57

Assisted Solution

by:Julian Hansen
Julian Hansen earned 125 total points
ID: 41844464
Developers on big projects usually only get to see a part of the codebase they are contributing to. In most cases code snippets on their own are not enough to be worth stealing - and I have always maintained if the code was developed by the developer - he does not need to steal it as it is already in his head. This does not cover other code or intellectual property that the developer did not author.

As Ray mentioned trying to lock down Web code is not really feasible. Your USP should be your business model, partnership agreements, data and customer base. There is not much you can do as a web developer that cannot be copied by just looking at what the code does. Much of the interface exists in the browser these days anyway in the form of JavaScript.

There are instances however, where you have developed IP that resides on the server that has value - and is not obvious from the browser side. At the end of the day you are going to have to trust someone. A legal document discourages theft - it cannot prevent it.

Most top developers are professionals - who have spent many years plying their trade - it is unlikely they are going to compromise that.

Having said that - we do work for film production companies and some of them can be really strict about how you handle their post production material. The legal contracts are a given but you also have to prove that your environment is secure. USB ports must be disabled. All internet connectivity is through a proxy that allows only certain traffic to and from specified destinations. You are not allowed to bring phones or cameras in to the work space. You cannot have access to your normal email or normal web services. And in some extreme cases you are searched on arriving and leaving the office. Not sure how many software companies do this - but it is an option.
0
 
LVL 25

Expert Comment

by:madunix
ID: 41845423
Get a trusted people;  make sure you have nondisclosure agreement (NDA), to protect the confidential information from being disclosed.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When it comes to write a Context Sensitive Help (an online help that is obtained from a specific point in state of software to provide help with that state) ,  first we need to make the file that contains all topics, which are given exclusive IDs. …
Although a lot of people devote their energy toward marketing for specific industries, there are some basic principles that can be applied to any sector imaginable. We’ll look at four steps to take and examine how those steps were put into action fo…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to dynamically set the form action using jQuery.

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question