Computerworld - You would probably imagine that a company that writes and sells software would make the protection of that software paramount. That's why it's hard to believe that my company has implemented no comprehensive efforts to protect its bread-and-butter software from falling into the wrong hands.
Fortunately, upper management is finally getting a clue and has asked that we look into the technologies currently available for protecting our source code.
The need to do something is more pressing than ever. It's become trivial to find a place to store a gigabyte of source code (a good portion of our current software inventory), what with the availability of low-cost USB tokens, external hard drives and increased disk space on public e-mail repositories such as Yahoo and Google. Left unprotected, our source code could be moved off-site in less than 10 minutes.
And if clever programmers took the code, they could rebrand, reverse-engineer or replicate it and sell it for profit within a matter of days. If you think I'm exaggerating, recall that more than 800MB of source code from Cisco Systems Inc.'s Internetworking Operating System was posted to a Russian Web site a year ago .
Our programmers use the open-source Concurrent Versions System to save and retrieve various versions of source code. CVS also lets teams of developers share control of different versions of files (source code) in a common repository. The problem is that once a developer checks out source code from the repository, there are no controls to prevent him from copying, moving or transferring the code to a storage device or an FTP site. As much as we'd like to trust our programmers, it's always possible that money or coercion could get someone to take advantage of the lack of controls. And even if that didn't happen, a worm or other type of malicious code could be introduced to our internal network, compromise a user's desktop and give an outsider access to locally stored source code. I could go on for hours discussing the methods and motivations for stealing source code.
Fortunately, there are some fairly significant developments in the source-code protection market. One is software that gets installed on the developer's desktop and then inserts itself into the operating system in such a way that it prevents defined data from being copied, printed or transferred anywhere other than the source-code repository or a dedicated build server. What's nice about this type of technology is its ability to define which directories and files this protection should be applied
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
