• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 129
  • Last Modified:

How do companies protect source code?

If I've built an SaaS app in PHP, and am now hiring other developers, how can I ensure that the source code is not stolen?
Stephen Forlance
Stephen Forlance
3 Solutions
Ray PaseurCommented:
Hire only developers you trust!  Write strong contracts and be prepared to spend the money to enforce the contracts.  Have good lawyers.  Segregate the components on well-defined interfaces and only assign programmers to single components.

When companies protect source code, they often use obfuscators like Zend Guard.  But more and more programs are being put into open-source, or housed in a cloud environment and offered as a service.  It's usually the data that matters, rather than the code.  Most of us can see the action of the service and quickly envision how to write the code that "just does that."
Dr. KlahnPrincipal Software EngineerCommented:
Given the generosity of compilers with code size these days, it's hard to protect source code when running a dynamic debugger against the code reveals the source.

Everyone has a price.  All it takes is for one of your competitors to find the price of one of your employees.  A million dollars is not as much as it used to be, but for some people it's enough.  If you hire H1-B employees, it's enough to buy a dozen of them.

Therefore:  IBM and the BUNCH knew a long time ago that it's more profitable to sell the service, not the code.  You can sell a service contract over and over again, every year.
Julian HansenCommented:
Developers on big projects usually only get to see a part of the codebase they are contributing to. In most cases code snippets on their own are not enough to be worth stealing - and I have always maintained if the code was developed by the developer - he does not need to steal it as it is already in his head. This does not cover other code or intellectual property that the developer did not author.

As Ray mentioned trying to lock down Web code is not really feasible. Your USP should be your business model, partnership agreements, data and customer base. There is not much you can do as a web developer that cannot be copied by just looking at what the code does. Much of the interface exists in the browser these days anyway in the form of JavaScript.

There are instances however, where you have developed IP that resides on the server that has value - and is not obvious from the browser side. At the end of the day you are going to have to trust someone. A legal document discourages theft - it cannot prevent it.

Most top developers are professionals - who have spent many years plying their trade - it is unlikely they are going to compromise that.

Having said that - we do work for film production companies and some of them can be really strict about how you handle their post production material. The legal contracts are a given but you also have to prove that your environment is secure. USB ports must be disabled. All internet connectivity is through a proxy that allows only certain traffic to and from specified destinations. You are not allowed to bring phones or cameras in to the work space. You cannot have access to your normal email or normal web services. And in some extreme cases you are searched on arriving and leaving the office. Not sure how many software companies do this - but it is an option.
Fadi SODAH (aka madunix)Chief Information Security Officer, CISA, CISSP, CFR, ICATE, MCSE, CCNA, CCNP and CCIPCommented:
Get a trusted people;  make sure you have nondisclosure agreement (NDA), to protect the confidential information from being disclosed.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now