prevent code stealing
-
hello I supervise a team for developing software in c# and I always worry some of my members may steal the code to modify part of them and then to sell them as software components or as a complete program. What measures could I take to prevent this ? We develop in a software components approach to build up a large software.
The bastards! :omg: Jeremy's suggestion would work if you could put even a tiny bit of trust in these wicked souls, but given their crafty, honorless minds you can bet they'll find a way around anything you could establish. No, your only hope is to fire the whole lot, preferably on a holiday and after carefully locking down the code and the building so that they can't sneak back in. Then hire some people you can put faith in not to do anything odd with your code. I suggest RPG programers in their mid 40s.
Shog9
I'm not the Jack of Diamonds... I'm not the six of spades. I don't know what you thought; I'm not your astronaut...
-
hello I supervise a team for developing software in c# and I always worry some of my members may steal the code to modify part of them and then to sell them as software components or as a complete program. What measures could I take to prevent this ? We develop in a software components approach to build up a large software.
LOL - I see the suggestions made here are the same as the ones I put in the C# forum - hire people you can trust, or lock down the network. I don't think anyone here suggested full body cavity searchs on exit from the facility tho ? Another thing - erase people's minds every day, otherwise they just may be going home and rewriting what they did during the day. Christian I have several lifelong friends that are New Yorkers but I have always gravitated toward the weirdo's. - Richard Stringer
-
heh - this is a good one... Remove Internet Access, LAN only access Remove CDRW burners from dev PC's Remove Floppydrives Remove/disable USB ports Remove any network printers from dev PC's Remove/diasble com & parrallel ports Hire honest people and pay them enough so that they won't feel that stealing your software is necessary. I don't know how many of the top pieces of information are actually feasable in your instance - but I worked at a place that had nearly that exact same setup...
Bobum wrote: Remove Internet Access, LAN only access Remove CDRW burners from dev PC's Remove Floppydrives Remove/disable USB ports Remove any network printers from dev PC's Remove/diasble com & parrallel ports Woah woah woah! Better not stop there, gotta disable all the development tools also, and maybe the OS just to be safe. Can't be having those developers writing software that might allow them to transmit data using radio signals generated by altering their monitor refresh rates. Hmm, better take away the monitor too, as they might be able to read the code and remember it long enough to copy it down when they got home. Oh, and don't forget about strip searches...
Shog9
I'm not the Jack of Diamonds... I'm not the six of spades. I don't know what you thought; I'm not your astronaut...
-
LOL - I see the suggestions made here are the same as the ones I put in the C# forum - hire people you can trust, or lock down the network. I don't think anyone here suggested full body cavity searchs on exit from the facility tho ? Another thing - erase people's minds every day, otherwise they just may be going home and rewriting what they did during the day. Christian I have several lifelong friends that are New Yorkers but I have always gravitated toward the weirdo's. - Richard Stringer
Christian Graus wrote: I don't think anyone here suggested full body cavity searchs on exit from the facility tho ? Damn, i just suggested strip searches, but you're ahead of me as usual. Your employers better keep an eye on you, or 'fore long they'll find you've bettered yourself in their employ...
Shog9
I'm not the Jack of Diamonds... I'm not the six of spades. I don't know what you thought; I'm not your astronaut...
-
Christian Graus wrote: I don't think anyone here suggested full body cavity searchs on exit from the facility tho ? Damn, i just suggested strip searches, but you're ahead of me as usual. Your employers better keep an eye on you, or 'fore long they'll find you've bettered yourself in their employ...
Shog9
I'm not the Jack of Diamonds... I'm not the six of spades. I don't know what you thought; I'm not your astronaut...
It's damn uncomfortable sitting at this desk all day. I need to buy one of those new, smaller, USB memory keys. Now if I could get one that was tiny and worked via WiFi..... Given that this is a developer site, I'm not sure what this guy was expecting ? 'Well, this is how I stole code in the past' ??? I bring my own notebook to work, so I take all our code home every day. No system of policing will work as well as hiring the right people, and letting them see that they are trusted. Christian I have several lifelong friends that are New Yorkers but I have always gravitated toward the weirdo's. - Richard Stringer
-
hello I supervise a team for developing software in c# and I always worry some of my members may steal the code to modify part of them and then to sell them as software components or as a complete program. What measures could I take to prevent this ? We develop in a software components approach to build up a large software.
[Serious answer.] I have thought about this a bit in the past and this was relevant to a case study I was recently involved in. Some ideas we came up with. Before employing anyone. 1. Do a full backgroud check eg. Go back years And find out who they went to school with and get an idea of what sort of a kid they were. 2. Have created for you a psychometric test that will tease out of the employees there levels of integrety and honesty. 3. Try to dupe them by suggesting they take information from there current employer when moving to you. While employed for you have a PI try to entice them to sell information out. Leave someone elses wallet for them to find full of cash and see if they return it intact. All this activity will cost you money so you had better do a cost benefit analysis to determine at which extreme is worthwhile. Regardz Colin J Davies The most LinkedIn CPian (that I know of anyhow) :-)
-
[Serious answer.] I have thought about this a bit in the past and this was relevant to a case study I was recently involved in. Some ideas we came up with. Before employing anyone. 1. Do a full backgroud check eg. Go back years And find out who they went to school with and get an idea of what sort of a kid they were. 2. Have created for you a psychometric test that will tease out of the employees there levels of integrety and honesty. 3. Try to dupe them by suggesting they take information from there current employer when moving to you. While employed for you have a PI try to entice them to sell information out. Leave someone elses wallet for them to find full of cash and see if they return it intact. All this activity will cost you money so you had better do a cost benefit analysis to determine at which extreme is worthwhile. Regardz Colin J Davies The most LinkedIn CPian (that I know of anyhow) :-)
ColinDavies wrote: All this activity will cost you money so you had better do a cost benefit analysis to determine at which extreme is worthwhile. And to an extent it will cost you your companies self respect (at least option 3 or 4) if your employees ever find out. If I found out that my employer actually hired a PI to try and entrap me to test my honesty and integrity as a potential employee, I think I'd be tempted to quit on the spot. As a general rule, there's a point where this becomes ridiculous. That said, there *are* some situations where this would be OK IMHO. Anyone working in secure environments like the CIA or NSA or whatever should fully expect this kind of background checking. However for just a run of the mill job? Seems like overkill. ¡El diablo está en mis pantalones! ¡Mire, mire! Real Mentats use only 100% pure, unfooled around with Sapho Juice(tm)! SELECT * FROM User WHERE Clue > 0 0 rows returned Save an Orange - Use the VCF!
-
Bobum wrote: Remove Internet Access, LAN only access Remove CDRW burners from dev PC's Remove Floppydrives Remove/disable USB ports Remove any network printers from dev PC's Remove/diasble com & parrallel ports Woah woah woah! Better not stop there, gotta disable all the development tools also, and maybe the OS just to be safe. Can't be having those developers writing software that might allow them to transmit data using radio signals generated by altering their monitor refresh rates. Hmm, better take away the monitor too, as they might be able to read the code and remember it long enough to copy it down when they got home. Oh, and don't forget about strip searches...
Shog9
I'm not the Jack of Diamonds... I'm not the six of spades. I don't know what you thought; I'm not your astronaut...
You'd let them go home? Chain them to their desks.
I can imagine the sinking feeling one would have after ordering my book, only to find a laughably ridiculous theory with demented logic once the book arrives - Mark McCutcheon
-
The bastards! :omg: Jeremy's suggestion would work if you could put even a tiny bit of trust in these wicked souls, but given their crafty, honorless minds you can bet they'll find a way around anything you could establish. No, your only hope is to fire the whole lot, preferably on a holiday and after carefully locking down the code and the building so that they can't sneak back in. Then hire some people you can put faith in not to do anything odd with your code. I suggest RPG programers in their mid 40s.
Shog9
I'm not the Jack of Diamonds... I'm not the six of spades. I don't know what you thought; I'm not your astronaut...
Shog9 wrote: I suggest RPG programers in their mid 40s. Hey! I coded RPG III/400 :mad: But I'm only 40 :-D Cheers, Tom Archer - Archer Consulting Group Programmer Trainer and Mentor and Project Management Consultant
-
ColinDavies wrote: All this activity will cost you money so you had better do a cost benefit analysis to determine at which extreme is worthwhile. And to an extent it will cost you your companies self respect (at least option 3 or 4) if your employees ever find out. If I found out that my employer actually hired a PI to try and entrap me to test my honesty and integrity as a potential employee, I think I'd be tempted to quit on the spot. As a general rule, there's a point where this becomes ridiculous. That said, there *are* some situations where this would be OK IMHO. Anyone working in secure environments like the CIA or NSA or whatever should fully expect this kind of background checking. However for just a run of the mill job? Seems like overkill. ¡El diablo está en mis pantalones! ¡Mire, mire! Real Mentats use only 100% pure, unfooled around with Sapho Juice(tm)! SELECT * FROM User WHERE Clue > 0 0 rows returned Save an Orange - Use the VCF!
The main point I should have made, is to get the right people to start off with. Then to create and continue a culture where you will retain them and they will respect the company. While I have no personal experience worthy of mentioning I feel many corporates have screwed themselves up in regards to this due to be controlled by bean counters who try to save money through cost cutting rather than lift production and sales. Regardz Colin J Davies The most LinkedIn CPian (that I know of anyhow) :-)
-
The main point I should have made, is to get the right people to start off with. Then to create and continue a culture where you will retain them and they will respect the company. While I have no personal experience worthy of mentioning I feel many corporates have screwed themselves up in regards to this due to be controlled by bean counters who try to save money through cost cutting rather than lift production and sales. Regardz Colin J Davies The most LinkedIn CPian (that I know of anyhow) :-)
OK, well there I agree 200% with you! I have always been utterly amazed at how slack all the places I have been employed at have been at checking backgrounds, following up on references, and/or actually conducting a thorough interview. The only place I have interviewed at that I thought did a competent job was (eeewww, get ready for this!) Microsoft. Most places have been absolutely derelict in actually determining whether or not I was actually up to snuff. Maybe this is just the way things work, but coming from a conservatory background where "interviews" are ferociously competitive it was rather weird to experience. ¡El diablo está en mis pantalones! ¡Mire, mire! Real Mentats use only 100% pure, unfooled around with Sapho Juice(tm)! SELECT * FROM User WHERE Clue > 0 0 rows returned Save an Orange - Use the VCF!
-
OK, well there I agree 200% with you! I have always been utterly amazed at how slack all the places I have been employed at have been at checking backgrounds, following up on references, and/or actually conducting a thorough interview. The only place I have interviewed at that I thought did a competent job was (eeewww, get ready for this!) Microsoft. Most places have been absolutely derelict in actually determining whether or not I was actually up to snuff. Maybe this is just the way things work, but coming from a conservatory background where "interviews" are ferociously competitive it was rather weird to experience. ¡El diablo está en mis pantalones! ¡Mire, mire! Real Mentats use only 100% pure, unfooled around with Sapho Juice(tm)! SELECT * FROM User WHERE Clue > 0 0 rows returned Save an Orange - Use the VCF!
It's a time consuming and expensive job to conduct thorough background checks, which is my guess why most palces don't do it. But as you say MS do it and they have built a "special" culture around having the right people behaving in the right way. All the folk I know who work for MS seem to love being involved with the company, although I'm sure there are dissenters. Regardz Colin J Davies The most LinkedIn CPian (that I know of anyhow) :-)
-
You'd let them go home? Chain them to their desks.
I can imagine the sinking feeling one would have after ordering my book, only to find a laughably ridiculous theory with demented logic once the book arrives - Mark McCutcheon
-
If you don't trust your own co-/workers you need to get that sorted long before you think about protecting your code. A trusting workplace is a productive workplace.
Ðavid Wulff The Royal Woofle Museum
Audioscrobbler :: dwulffEverybody is entitled to my opinion
David Wulff wrote: If you don't trust your own co-/workers you need to get that sorted long before you think about protecting your code. A trusting workplace is a productive workplace. Sing it, brothe'. Sing it. He said this was like painstakingly assembling the first layer of a house of cards, then boasting that the next 15,000 layers were a mere formality.--The Code Book, pp. 331 Toasty0.com DotNetGroup.org
-
heh - this is a good one... Remove Internet Access, LAN only access Remove CDRW burners from dev PC's Remove Floppydrives Remove/disable USB ports Remove any network printers from dev PC's Remove/diasble com & parrallel ports Hire honest people and pay them enough so that they won't feel that stealing your software is necessary. I don't know how many of the top pieces of information are actually feasable in your instance - but I worked at a place that had nearly that exact same setup...
Bobum wrote: heh - this is a good one... Remove Internet Access, LAN only access Remove CDRW burners from dev PC's Remove Floppydrives Remove/disable USB ports Remove any network printers from dev PC's Remove/diasble com & parrallel ports heh - heh, and then watch your developers leave, good one - not.
-
heh - this is a good one... Remove Internet Access, LAN only access Remove CDRW burners from dev PC's Remove Floppydrives Remove/disable USB ports Remove any network printers from dev PC's Remove/diasble com & parrallel ports Hire honest people and pay them enough so that they won't feel that stealing your software is necessary. I don't know how many of the top pieces of information are actually feasable in your instance - but I worked at a place that had nearly that exact same setup...
Thta is not s silly as it sounds, I know of banks that have that configuration on their PCs
"An expert is a person who has made all the mistakes that can be made in a very narrow field." - Neils Bohr
-
heh - this is a good one... Remove Internet Access, LAN only access Remove CDRW burners from dev PC's Remove Floppydrives Remove/disable USB ports Remove any network printers from dev PC's Remove/diasble com & parrallel ports Hire honest people and pay them enough so that they won't feel that stealing your software is necessary. I don't know how many of the top pieces of information are actually feasable in your instance - but I worked at a place that had nearly that exact same setup...
Before I got my current job I spent a long period temping, and one of the assignments was at an RAF base They were in the process of rolling out a new system that was incredibly paranoid From memory: Only internal email (there'd be a departmental email address that was visable from outside, that only a particular computer could access, so people had to go to that and forward stuff to their own internal account) No internet access No access to *any* drive or folder on the computer bar My Documents DirectX, Media Player, and any kind of audio/video codec stripped out Firewire, USB, serial, parallel all disabled Network printing disabled (erm... how can you print?) and hundreds of other little things that you'd always find yourself needing Oh, by the way, I was working in a graphics/media shop (doing lots of graphics and video work - so the lack of the ability to print or use video would've been quite a problem, as was the fact that the promo videos being produced would no longer play on anybody's computers due to the lack of player codecs) Joy -- Help me! I'm turning into a grapefruit! Phoenix Paint - back from DPaint's ashes!
-
hello I supervise a team for developing software in c# and I always worry some of my members may steal the code to modify part of them and then to sell them as software components or as a complete program. What measures could I take to prevent this ? We develop in a software components approach to build up a large software.
Just to add to your paranoia. No matter what measures you take, you can not take away their knowledge to produce the code again...and second time round it is likely to be better! ;) Seriously, you need to trust your co-workers and make them feel important / wanted. In this sort of environment people are less likely to want to stray. Ant. I'm hard, yet soft.
I'm coloured, yet clear.
I'm fruity and sweet.
I'm jelly, what am I? Muse on it further, I shall return! - David Walliams (Little Britain) -
Bobum wrote: heh - this is a good one... Remove Internet Access, LAN only access Remove CDRW burners from dev PC's Remove Floppydrives Remove/disable USB ports Remove any network printers from dev PC's Remove/diasble com & parrallel ports heh - heh, and then watch your developers leave, good one - not.
norm.net wrote: Bobum wrote: heh - this is a good one... Remove Internet Access, LAN only access Remove CDRW burners from dev PC's Remove Floppydrives Remove/disable USB ports Remove any network printers from dev PC's Remove/diasble com & parrallel ports heh - heh, and then watch your developers leave, good one - not. Believe it or not, that's standard for military projects like the one I'm working on :)
Ryan
"Punctuality is only a virtue for those who aren't smart enough to think of good excuses for being late" John Nichol "Point Of Impact"
-
If they are your employees, make 'em sign a Non-Disclosure Agreement and/or Non-Compete Agreement. If they are your business partners and you're that paranoid, then maybe you shouldn't be in business with people you're afraid will rob you blind. Jeremy Falcon
A no-compete agreement can be successfully defeated in court in right-to-work states. Afterall, you gain a certain level of expert knowledge for a program you write, and you can take that expert knowledge with you to another company, and write different code based on that knowledge. Nobody can legally prevent you from exercising your expert knowledge or you chosen profession of "programmer". For instance, I spent 12 years writing estate planning software for one company and I gained a LOT of knowledge about the tax codes and other estate planning related stuff , and I could have quit at any time and went to work for one of our competitors, and my old employer couldn't have done a thing about it UNLESS I also used code fromt their program, and at that point, they could have sued my new employer as well. Employers are also reluctant to allow a programmer to bring in code from outside (code from CP notwithstanding). ------- sig starts "I've heard some drivers saying, 'We're going too fast here...'. If you're not here to race, go the hell home - don't come here and grumble about going too fast. Why don't you tie a kerosene rag around your ankles so the ants won't climb up and eat your candy ass..." - Dale Earnhardt "...the staggering layers of obscenity in your statement make it a work of art on so many levels." - Jason Jystad, 10/26/2001
