Ask Slashdot: How To Work On Source Code Without Having the Source Code?

occamboy writes: Perhaps the ultimate conundrum!

I've taken over a software project in an extremely specialized area that needs remediation in months, so it'll be tough to build an internal team quickly enough. The good news is that there are outside software engineering groups that have exactly the right experience and good reputations. The bad news is that my management is worried about letting source code out of the building. Seems to me that unless I convince the suits otherwise, my options are to:

1) have all contractors work on our premises — a pain for everyone, and they might not want to do it at all

2) have them remote in to virtual desktops running on our premises — much of our software is sub-millisecond-response real-time systems on headless hardware, so they'll need to at least run executables locally, and giving access to executables but not sources seems like it will have challenges. And if the desktop environment goes down, more than a dozen people are frozen waiting for a fix. Also, I'd imagine that if a remote person really wanted the sources, they could video the sources as they scrolls by.

I'll bet there are n better ways to do this, and I'm hoping that there are some smart Slashdotters who'll let me know what they are; please help!

An NDA works and makes for Target to sue

[Joe_Dragon]

An NDA works and makes for Target to sue if the code gets out.

Re:

[AmiMoJo]

It kinda sounds like they are outsourcing to somewhere that they think an NDA will be impossible to enforce, or where the source will be leaked and they won't be able to prove anything due.

In any case, the only other option is to tell the bosses to pony up the cash to get the people they need on site, even if that means temporary accommodation for them. Any remote system you manage to devise will simply allow the source to be stolen anyway.

Re:An NDA works and makes for Target to sue

[gstoddart]

It kinda sounds like they are outsourcing to somewhere that they think an NDA will be impossible to enforce, or where the source will be leaked and they won't be able to prove anything due.

Then .. they're doing it wrong.

If you think either of those things, why the hell would you hire them? That would be idiotic, if not outright irresponsible.

Re:An NDA works and makes for Target to sue

[AmiMoJo]

That would be idiotic, if not outright irresponsible.

This is management. If it works they saved a load of money and get a nice bonus. If it goes wrong they blame occamboy. It's win-win!

Re:

[gstoddart]

LOL .. hear that occamboy? Cover your ass very thoroughly.

Re:

[bonehead]

This X1000...

Management, in many (most) companies consists of two complimentary skills. Stealing credit and deflecting blame.

These people love meetings. Attending a meeting is a chance to claim involvement with the project if it turns out to be successful. If it fails, you just say you didn't really have anything to do with it except attend a couple meetings.

Either way, you just sit back and wait for your promotion. No productive work necessary!

Re:

[Tablizer]

Amen!

CYA Rule #7: Put it in writing.

If you spot a shady or risky practice in the works, I suggest you write your caution in an email and CC enough people to have a decent record.

You WILL likely take flack for sending it, but it provides you with a degree of protection if The Finger is aimed at you later. Better to be slapped early once than risk being spanked 10x later.

Just make sure you word it politely. There are ways of mentioning risk without sounding too much like a spoil-sport.

Example: "I'm concerned

Re:

[Chris Mattern]

That would be idiotic, if not outright irresponsible.

To which many managers will reply, "Yeah, but it's cheap."

Re:

[meloneg]

In many states NDAs are easily, and legally, ignored. I do agree that if you cannot trust someone, do not hire them.

You may be confusing non-disclosure with non-compete. The latter are rarely enforceable.

Re:

[Anonymous Coward]

Any remote system you manage to devise will simply allow the source to be stolen anyway.

Not only will they still be able to steal the source code on a USB stick if you bring them in on site, they will also be plenty of opportunities for them to take a lot more if you don't intend to have one guard standing behind each of them whenever they are there.
If you don't trust them you can't use them. Not on site and not remotely.

It is hard to get suits to understand this.
Outsourcing is the magic black box that solves every problem but they are convinced that the company value is tied to the company na

Re:

[Immerman]

>Try as they might our corporate overlords don't yet have the technology to purge our memories.

I see they finally caught up with you. Damn it man, we were counting on you to make the evidence public!

Re:An NDA works and makes for Target to sue

[arth1]

An NDA works and makes for Target to sue if the code gets out.

That works great unless the managers look to save money by outsourcing to countries where such lawsuits would go nowhere, and contractor companies disband/reband at the first sign of trouble.

Re:

[Austerity Empowers]

An NDA works and makes for Target to sue if the code gets out.

No, in many companies you may not discuss anything at all without an NDA, but an NDA itself is not sufficient to get code access. Half of my previous employers would not allow contractors to even see code without a VP to sign off, and even then had to do so on site, with company equipment and were not allowed any electronics. Contractors are second class citizens in many places, usually for the same reason as why you hired them: they are dispos

Re:An NDA works and makes for Target to sue

[cayenne8]

Hey...sometimes you just gotta work on site.

NDA's are nice...but I've seen them ignored and nothing much could be done about it, unless your company is a BIG one with some powerful attorney's and deep pockets.

So, I'd say the simplest thing would be to have them work on site. Sounds like with the fast timing requirements, it might actually just be better for them to work and test ON the machines that will be running it, to make sure it runs fast enough....?

Re:An NDA works and makes for Target to sue

[Anonymous Coward]

If someone is willing to ignore your NDA, then they're also willing to walk off with a copy of the code. If you can't trust them, don't hire them.

Re:An NDA works and makes for Target to sue

[ShanghaiBill]

If someone is willing to ignore your NDA, then they're also willing to walk off with a copy of the code.

This is assuming the source code is actually worth something to someone else. Most companies have a wildly inflated idea of what their code would be worth to a competitor. In general, your competitors have no interest in seeing your crappy code, and are too busy with their own problems.

I once consulted for a company that decided to "open source" some of their code. There were objections that they were giving away their "crown jewels", but they went ahead and did it. A year later, they had this many downloads of the code: 0.

Re:An NDA works and makes for Target to sue

[Anonymous Coward]

A year later, they had this many downloads of the code: 0.

4,294,967,296 downloads? That's quite impressive!

Re:

[Pseudonymous Powers]

Most companies have a wildly inflated idea of what their code would be worth to a competitor. In general, your competitors have no interest in seeing your crappy code.

It depends on what they're planning on doing with it. I agree that a competitor's codebase is going to be of approximately zero interest to developers trying to implement a similar system. It might, however, be very interesting to a legal team, who might want to scan it for patent and licensing violations. If they can find some, real or imagined, they can exploit these liabilities for FUD purposes, or to strategically cripple the competition's products.

Re:

[luis_a_espinal]

If someone is willing to ignore your NDA, then they're also willing to walk off with a copy of the code.

This is assuming the source code is actually worth something to someone else. Most companies have a wildly inflated idea of what their code would be worth to a competitor. In general, your competitors have no interest in seeing your crappy code, and are too busy with their own problems.

I once consulted for a company that decided to "open source" some of their code. There were objections that they were giving away their "crown jewels", but they went ahead and did it. A year later, they had this many downloads of the code: 0.

Be that as it may, it would be irresponsible for a company to be careless to protect its intellectual property (even if it is shitty.) Also, sometimes the code might be shitty, but *what it does* is what is important. Without disclosing, I've seen some truly crappy code that yet are integral parts of systems delivering hundred of millions in value.

The potential value of a system is not just on how it is constructed, but in the services that it can render. And like any business, systems might operate on th

Re:

[mikael]

It wouldn't make any difference. They are constantly upgrading their algorithms, looking for faster hardware, flaying device drivers down to the bare bones, moving to colocation facilities, making use of multi-core CPU's, GPU's servers, clusters and farms that the algorithm itself wouldn't be enough.

Re:

[PhilHibbs]

And they probably believe/deny* AGW. *Delete as appropriate.

Re:

[Alypius]

I think he was alluding to the mantra of "if you can't trust me with a choice..."

Document the costs and benefits, management decide

[raymorris]

Maybe the cost to have people work on-site is worth it, maybe not. Management said they wanted to keep the code on-site, and management wants to manage costs. Management can decide whether working on-site is important enough to them that they want to spend the additional money, after you tell them how much it will cost them.

So estimate the costs for each option, then let management decide - do they want to spend three times as much to have people on-site, given that there is little to no benefit? Are they happy with remote desktop, given the costs? Let management decide their own priorities.

Re:An NDA works and makes for Target to sue

[jellomizer]

Well more to the point, no matter what happens the damage is done.
Source Code isn't as much of a threat to the organization as it is people who understand what it is doing.

From the sound of the story, it seems like they are doing high-frequency-trading, and if the source is released then competitors can just start up their own competing company, and you loose out on your competitive advantage. However source code is usually minor part of the detail. It is when people understand what is going on and why it does it. Then they can go ahead and make a better version using the principles they learned maintaining your code.

I have worked across a lot of organizations and I never copy the source code to my personal devices, and when I am done with the project I remove whatever I have. However what I learned from working with the code is where I am at an advantage. I find new ways to solve problems, I keep track of it, and flag it in my mind as a better way to approach a problem. I learn and get better. If I were to just take the code and make a competing company, I wouldn't have myself a real advantage, as I may not understand it.

Re:An NDA works and makes for Target to sue

[pla]

NDA's are nice...but I've seen them ignored and nothing much could be done about it, unless your company is a BIG one with some powerful attorney's and deep pockets.

Free hint, corporate America - I don't need the actual code in-hand to walk away with anything actually worth stealing from your code.

The implementation amounts to nothing more than mere documentation, to a skilled programmer. The underlying concepts hold all the value, and once I've seen them, you can't make me un-see them. "Oh, what a cool way to schedule garbage collection without sacrificing soft-realtime I/O responsiveness! I'll have to remember that one!" - Done. Your one jewel-amongst-the-dross just became mine.

So whether enforceable or not, the NDA has a hell of a lot more practical use here, as opposed to trying to control physical access to your preeeciousss source code.

Re:

[Austerity Empowers]

I don't need the actual code in-hand to walk away with anything actually worth stealing from your code.

I don't disagree with the overall premise, but there are many times when the actual implementation is more important than the concepts. How long did Microsoft keep the world hostage with proprietary document formats? There are quite a few examples of this in the industry.

If you think like an asshole, by which I mean an investor or CEO, then you have to figure out what is the fastest way to get rich quic

Re:

[Bert64]

Indeed if they are that paranoid, then the onsite staff could easily copy the code if they wanted to, forcing people to work onsite provides zero additional assurance unless you take extreme measures such as cutting off all outside access and searching people as they enter/exit etc.

The only protection you have is the NDA and other contracts between contractors/employees and the company, even the NSA couldn't physically stop someone from getting data out of the organisation.

Re:

[Austerity Empowers]

That and generally employees tend to stay around a bit longer and won't immediately run off to a competitor unless they are laid off. HR tends to screen out resumes for employees whose work history looks like a bingo card. You can trust an employee a bit more because he has more to lose and has incentive to stick around a while and not immediately run off to a competitor.

A contractor on the other hand has to eat, he'll run off immediately at the end of his contract and take the best option available to him,

Re:

[BarbaraHudson]

Even working on-site is no guarantee that code won't leak out. Thinking otherwise is foolish. You balance the risks vs the rewards, and make your decision accordingly. Anyone who doesn't understand that there's risk in everything should be sent back to the nursery.

Re:An NDA works and makes for Target to sue

[The-Ixian]

Any sort of remote access to do work is basically the same as letting the code out of the building

I can attest to this.

I have worked for large corporations that utilize proxied access to the Internet and locked down removable media.

It was still trivially easy to circumvent by using PuTTY to open an SSH tunnel over 443 to my home network, then using port forwarding to open an RDP session to an internal Windows box (complete with file transfer and drive redirection).

I really just wanted to see if it could be done more than anything else.

PuTTY turns out to be on the approved executable list of every place I have worked.... Hey, if you give me the tools.... *shrug*

safe rooms

[Anonymous Coward]

one option is allowing them to remote in from designated remote locations to virtual desktop implementations, safe rooms/clean rooms, where cell phones, etc. are not allowed. although there is still the concern of using screen capture software, so provide the computer equipment too, so you can lock down admin rights, software, dlp tools, proxy redirects, and all of the other goodness that can be used to limit the risk. This is one solution used in corporate america

Re:

[Z00L00K]

That will only work if you have full control over the site of work. As soon as you say "remote" you have a security hole.

Re:

[bhcompy]

Various government offices work that way. I work at one such office on occasion. Check your electronics at the door, put them in a locker, go through a security check, and off to work you go on a secured and locked down computer. And there are people standing in line to make the kind of money a govt contractor makes doing IT/dev

Re:

[Antique Geekmeister]

Unless you also lock off the network pretty thoroughly, people _will_ leave remote access in place. Even more fun is when the people in HR have a modem plugged in at their desks, and the people in sales catch wind of it and submit a help request to get the same thing.

Re:

[bhcompy]

The places I'm describing are typically air gapped.

No problem ...

[gstoddart]

I'll bill you at triple my usual rate to pretend to have fixed your code, and you continue to pretend I could have done so without seeing your code.

If you quadruple my rate, I won't even admit to ever have done so.

I think it sounds perfectly equitable.

More seriously, that is what contracts are for. If you can't write a contract and hire people you can trust, you can't accomplish this task. At the end of the day, they'll see your code, and it will enter their brain.

As has been pointed out elsewhere, this is what NDAs with big penalties are for.

Option 3

[Anonymous Coward]

Perform solid background checks and pay the employees enough that you can trust them.

You have to be able to trust your employees. Onsite requirements will not aid in this.

Note: Also... I am also misunderstanding why you can not have them remote into "local" boxes onsite, and run/execute the code from there. That code should execute in exactly the same manner as a local system running the code.... the remote contractor screens might take a little time to update.... but largely should be identical to physic

Have them work on the premises.

[91degrees]

Speaking as a contractor, I'll work on site if you insist. You're the boss. Provide me with equipment and coffee, and I'll suck it up.

We're whores. We want your money. We don't care if your demands are stupid, as long as we can meet them.

Re:Have them work on the premises.

[gstoddart]

I mostly agree, except you forgot one thing ... but it will cost you.

Re:Have them work on the premises.

[cat_jesus]

Right. As a consultant I will tell you when your requirements are stupid and costly. If you still insist on me working inefficiently it's your dime. I'll happily take more of your money to do it the wrong way and I will make sure my recommendations are clear in the documentation.

Re:

[Drethon]

From experience, on site has been the best as there is less confusion about what needs to be done. While an e-mail may go days without a response, dropping by at a desk works nicely.

If you want to give them the ability to work off site, provide laptops with encrypted hard drives and an NDA (as mentioned by an earlier poster). I've been working for years on government contracts where they really don't want the info getting out and it has worked pretty well.

This is what APIs / abstraction is for

[Anonymous Coward]

You don't give them any source code. You create interfaces (in the Object Oriented Programming sense) and "dummy" implementation version of what your executables do. You provide these to the subcontractors.

This way, they can work on the new source code remotely, without accessing the existing proprietary stuff.

Re:

[arth1]

Yes, but the problem is that creating and maintaining those APIs can take more time and effort than the coding job, and managers are often not aware of how much work that can be.
If they want a job done fast, and that's why they want to bring in people, it's not a good option.

Re:

[D.McG.]

Ridiculous. You should ALWAYS be coding to an interface. The interfaces are the contracts between subsystems. Design those first, and more people can work in parallel.

Pirates' view

[jones_supa]

Well, well, where are the pirates to now say "no one loses anything if someone makes a copy"? Then I would respond that they lose the potential value of the code. Then the pirates respond "no one knows if the company would have made money with the code, it's all speculation".

Re:

[Ace17]

Pirate here.

You seem to be confusing "no one loses anything if someone makes a copy" with "no one loses anything if the internals of this program are made public".
These are two very different beasts.

The first sentence refers to a business model based on selling copies. The second sentence refers to trade secrets. If the code implement some secret method giving the company a competitive advantage, making it public might make the company lose this advantage. If the code contains some obvious security

You pretty much covered the options

[enjar]

You can do the onsite thing, but you are right in that you will limit the groups which may be interested, and also you may need to pay more as the group may include the cost of hotel stays, food, etc in their quote for doing the work. So you can limit your potential personnel and it can cost more.

If you do the remote thing, they don't have to log into virtual desktops, they can log into real hardware just as well if performance is an issue.

Also, "I need you to fix my source code but you can't see it" ... that's kind of a paradox.

And regarding your source code, set up a NDA. If the group you contract with is a quality group with a good reputation, this shouldn't be a problem. Actually I hate to break it to your management, but unless you are doing an air gap/search of employees entering a special lab where they have no means of getting the code off (floppies, USB keys, etc), your source code has likely left the building one way or another, for good or ill.

You can also tell your management that if they want to do this all internally, etc that the timeline needs to be extended. They are giving you legitimately contradictory constraints. Not that this is uncommon (constraints conflict all the time), but you need to know where the flexbility is.

Re:You pretty much covered the options

[Tjp($)pjT]

I have done some forensics work in software. The most secure setup was a room with cameras, the computers in a locked box, PS/2 keyboard and mouse with attached cords that go into the locked box, VGA only monitor, and a printer filled with pre-numbered sheets of paper. I emptied all my electronics including watch, no calculator, no phone, etc. Allowed items were a pen/pencil and notepad. I was escorted into the room (roughly 1500 miles from my office) the paper was loaded by the escort. When I wanted to leave the room I pressed a buzzer button. The escort collected the printouts, and the paper supply. briefly looked to see if there were obvious missing pages. They can't see my notepad, and my instructions were to write small, though the cameras were not supposed to see the monitor or desk surface. After their side examined the pages I printed out, they allowed a lawyer to pick up the copies, as I had to review the printouts in the lawyers offices and not personally ever posses them. Under those conditions with a 10 hour work day (8 onsite, 2 writing up the days notes onto a computer at the hotel room) it is amazing how little code can be reviewed in a day. They did allow tools of our choice to be installed on the computers at their expense. And they installed the software versions we said were suspect in source form.

Under these conditions, if you forced them on developers, you'd be paying them what I was paid for forensic investigation, somewhere around $250-300 an hour if you want top quality people. And they will burnout in short order, so keep a queue filled with replacements. I could do that for only short bursts at a time.

Even then, I could have copied the code onto paper line by line. And in some cases did for short segments that showed infringement.

In even the harshest of conditions code can still leak. But your biggest weak point is if your network is not air gapped and you use source code control, keeping the social engineering aspect in check so you aren't hacked. For contractors and employees, only hire ones you trust and depend on NDAs and integrity. And a VPN that is appropriately encrypted is like working in the office. Supply the computers and you can install monitoring software on them, and USB management software to provide gentle no-no-no reminders as they try to work they way they normally would.

It's not efficient

[ChrisMaple]

If the job can be divided into independent chunks, define an interface and subcontract each chunk to a different subcontractor.

sign the code

[phantomfive]

Set up an automated build machine task to sign the code on every commit. Then every time someone wants to check out the code, make sure it gets sent to them in an encrypted way (in other words, use git). Tell the managers that the code signatures will allow you to cryptographically verify the code.

The reality is, if an employee wants to steal your code, you will not be able to stop them.

#2. Why is this a question?

[xxxJonBoyxxx]

Do #2. I worked for years with a "primary" desktop with a beefy configuration doing all my compiles; I maybe sat at my desk and used the monitor once a week. Most of the time I just RPC'ed into it from whatever building I was in or from home. Connectivity was an issue on maybe 0.5% of the days, and then it was only temporary (after all, if the company's Internet is down, it won't stay that way for long). After doing that for a while I couldn't imagine being tied to a chair in front of a specific machine

I suspect you're doomed to failure :(

[tatman]

" so it'll be tough to build an internal team quickly enough "

This smells of failure. Contractors aren't going to get up to speed any faster than internal resources (sans technology specifics like expertise in a language). Our management tried the same thing: hire contractors for a short term (less than 3 months), hurry up scenario. Except it took a month to interview and get the contractors on site. Much of the 3 months of contractors time was spent to get their environments setup, work with IT to configure permissions and the contractors themselves to learn the complex product enough to contribute. Not to mention the loss of focus of the internal team assisting the the contractors.

I would spend more effort coming up with a realistic plan that has a chance at success rather than trying to meet a date that is not going to be met. Build a plan that includes a mix of internal an external resources. I would include time to hire contractors (remembering that background checks take time) plus all of the other activities that will consume time away from producing the finished product.

Re:I suspect you're doomed to failure :(

[gstoddart]

" so it'll be tough to build an internal team quickly enough "

This smells of failure.

It is failure, but it's unrealized failure, and management may not understand how bad of a failure it is. Having a company which no longer employs the resources to fix and maintain their products means someone has already harmed the company beyond easy repair and failed to do anything about it.

If you need this remediated within months, you're probably months past the point where you should have done something about it.

No longer having the skillset to maintain your product means you are so deeply screwed it isn't funny. You're just pretending you still have that product.

So, which is it? They laid off everybody who could do this? Or they pissed off everybody who could do this and they left on their own?

Because, really, if you don't have the internal skills to fix it ... how can you possibly be qualified to evaluate, hire, and oversee the external skills in that impossible timeline?

This is a pretty epic fail ... and in my experience that means management usually dropped the ball along the way. This is like a company making rocket engines suddenly realizing they don't have any rocket scientists.

Re:

[BitZtream]

Because you had one guy who did all the awesome work and yesterday he dropped dead?

This is a regular occurrence in business. Ive helped out multiple small companies when the ONE guy who wrote the code that the ENTIRE company revolves around ceases to be available for some reason. One of them was literally hit by a bus and he was the only one that worked on software for a company with roughly 30m in revenue that year and a couple hundred employees. A small company, but to me thats huge to have ONE guy th

Re:

[Anonymous Coward]

If only someone had done some research on this idea and come up with a simple law for us all to remember, like "Adding manpower to a late software project makes it later."

Re:I suspect you're doomed to failure :(

[abies]

Contractors aren't going to get up to speed any faster than internal resources (sans technology specifics like expertise in a language).

Depends. If he is talking about things like HFT (sub-ms speed and paranoia of employer to share sourcecode), you can get contractors with a lot more that just expertise in language - they know exactly what to code from start till the end, what are common stumbling blocks etc. It is just getting a person to write a http web server, in some alternate world when there are no open source projects and no reliable 3rd part providers. Getting a contractor which has already written 5 web servers for different companies is going to speed you up really a lot.

Such dynamic is not common in other areas - but in other areas, being few % faster than competitor does not let you earn order of magnitude more money. There is huge negative incentive for companies to share their code and no incentive for contractors to spread/share their knowledge in form of open source, as it can directly cuts into their future profits.

Said that, it might something else, because:
- for amount of money you are paid (we are talking 1000+ daily, in whatever currency you happen to like), people are generally willing to relocate, especially for shorter projects, which this one seems to be
- HFT is not exactly a hot subject right now (and they might be already reasonable off-the-shelf solutions, I'm outside of that for some years now)

Re:

[Bert64]

If the contractors are already familiar with writing such algorithms, then chances are they worked for your competitors. And if they retain memory of competitors algorithms, they will retain memory from yours too.

This is another reason why being paranoid about sourcecode leaving the building is pointless...

Have them work on site using your secure computers

[CQDX]

If you are really paranoid, have them work in a secure room that doesn't have Internet access and where personal electronics are forbidden. No laptops, no USB drives, no smart phones, nothing that could be used to copy code.

And regardless of the code security issues, managing remote contractors is slow and difficult. If time is a consideration, they must work in your office where questions can be asked and answered quickly... no need to schedule a teleconference on Outlook 3 days from now.

Re:

[wonkey_monkey]

And no ventilation access in the ceiling that's just the right size for a pint-size movie star to dangle through.

Re:

[gstoddart]

Hey, Tom Cruise isn't that short.

open source it

[ooloorie]

Once you open source it, you don't have to worry about the source code getting out anymore...

What if you give the suits what they want?

[generic_screenname]

Post a job ad, with a caveat in the description that developers can't see the code they are supposed to work on. Report back when you don't get any results. Have some conversations with recruiters and candidates, and document the WTF reactions while you're at it. It may also be worth getting different quotes from the team you wanted to hire: one at a rate with reasonable accommodations that allow them to do their jobs, and another where they will have to deal with endless BS because management doesn't trust anyone. The truth of the matter is that someone really, really wants to target your company, they will. An employee could steal something. You could be hacked. A very determined assailant, given enough time and resources, will get to you. There are tradeoffs made to account for this possibility, while allowing enough latitude for people to do their jobs. It's the same with this group of contractors. If they really, really wanted to steal from you, then they could, and no amount of legal procedure would stop them. If they have built up a good reputation, then they probably won't do this. At the end of the day, this gets down to managing the fear level of your superiors, and it may mean letting something go undone until they come around to letting go a little bit.

Impossible job ad = open door for a H1B to take t

[Joe_Dragon]

Impossible job ad = open door for a H1B to take the real job at a low pay rate.

Cameras are so, so tiny these days

[Medievalist]

You cannot physically enforce security of code sources you are allowing people to see - unless you are going to have them work entirely naked, under constant physical observation, with full body cavity searches every time they enter or leave the workroom.

Hire someone trustworthy, pay them well, and have them work on-site. That is the path to success. Anything else is almost guaranteed to create the situation you're trying to avoid; paranoia breeds dissent and distrust breeds subterfuge.

Re:

[shaitand]

Even then people have built in video cameras. They are called eyes. Developers who work on the source are going to know how it works. It doesn't make a lot of difference if they re-implement it when they go home. Their code will look different but will have been written with the benefit of knowing how yours works. Not much you can do about it.

Set up a local environment to remote access. Lock it down to a reasonable degree and tell people they aren't allowed to remove the code from the env. You can log their

Re:

[phantomfive]

Yeah, and that didn't stop the classified documents from getting stolen, did it?

Re:

[gstoddart]

hmm.... what you are saying would not impress the U.S. military. You are not allowed to have electronics of any kind in certain classified areas. If you are caught with said electronics you can go to jail for a very long time.

And yet I wonder what a real world audit would reveal about what actually happens.

Because, really, how much do we believe they have 100% success in enforcing it? I don't.

NDA is your only hope

[roc97007]

Your boss needs to understand that whether they access source at home or at work, they'll have access to source. You can't put those worms back in the can. Traditionally, a condition of employment is to not put the company's intellectual property at risk. This is true regardless of the work arrangement.

That said, there is precedent for having developers work from a citrix farm. And yes, there are reliability challenges. Whether this is practical depends on how good your IT is.

Re:

[Drethon]

Not to mention that almost any security system to prevent people from transferring data off the site can be worked around one way or another. Any perfectly secure system is perfectly static, nothing will ever change in the data it is protecting.

Contractors will always come on-site

[mveloso]

If you pay them enough, contractors will do the work on-site. It's not a pain, it's SOP.

Can't have your cake and eat it, too.

[Drewdad]

You cannot simultaneously keep something secret and share it.

This question really doesn't make sense... How do you have a highly-valuable source code repository and simultaneously require external developers to modify/maintain it? How was the code developed initially? Did you have contractors develop it initially, and then have some kind of falling out? Did you have a mass walkout of your staff?

Not sure I really follow

[shaitand]

Why exactly are their own personal systems better for testing than the exact same hardware remote accessed via RDP? It isn't as if the video lag is a relevant factor in benchmarking sub-millisecond response software. Personally, I'd lean toward ssh access to a jumphost myself using key based authentication so you can revoke keys. Then they can just port forward whatever and run most things locally including graphical applications and desktops if that is what is wanted for some reason.

As for the source code not being allowed to leave if there is a way to get in and work with the code there is always going to be a way to get it out. Have them sign an NDA (which you'd want regardless) and tell them the code is not allowed to leave the environment. Working with vi, emacs, gcc etc on a local host isn't much different than working using a remote terminal, the same for x-forwarding a graphical ide it looks and feels much the same as it does on the remote system but when you go to save you get the remote filesystem rather than the local one. If some reason you really need windows (can't imagine why but whatever) you can do pretty much the same thing with rdp. If they execute the binary it is executing on the box they rdp into and talking to these headless servers, not running on their local hosts they are just seeing the results on their local host.

Just take reasonable precautions, both in terms is digital security, legal security, and policy and tell management you've done so and that the source code will not be permitted to leave. At some point you are going to have to accept imperfect ability to enforce, this would be true with the workers onsite as well. No matter how locked down you are there is a way around it even if you pat down employees when they enter and leave. And honestly, most people who break the rules wouldn't actually be doing it for nefarious reasons anyway they'd just be working around your restrictions to suit their personal preferred workflow.

Cloud Rescue?

[Spinlock_1977]

I'll suggest using AWS Workspaces for the desktops - no infrastructure to maintain, and if it goes down, a thousand Amazon engineers will jump on the case. You can also arrange for a VPN tunnel into your datacenter if access to central resources is needed. Suits like VPN tunnels.

Regarding source code, with AWS at least you control the desktops and can wipe them if needed, but the devs will still see the source. Perhaps a strategic division of labour would prevent any one developer from seeing the entire body of source code?

Open another office

[Anonymous Coward]

Why don't you open another office space closer to your team. They might not come to work at your place, but they might go to another place where you could still control the environment. Then hire security personnel to watch them work if you want !

Convince Management

[firewrought]

I don't know your situation. I assume it's not the military-espionage sector but something more akin to HFT or something esoteric in the manufacturing segment.

The raw truth is that it's very, very hard to prevent data exfiltration by a competent software developer who has adequate tools/access for his job. At the same time, it's very, very easy to hamstring a competent software developer and thereby torpedo their time-efficiency. If you're really worried, start with the "edges"--thing like NDA's, copyright/patent agreements, and background/credit checks--stuff that doesn't interfere with day-to-day work. Anything beyond that (change management, device restrictions, copyright headers in source code, etc.) should be more about avoiding sloppiness than about avoiding malice.

The other raw truth is that management frequently believes their software to be more valuable than it actually is. Frequently, the software that it cost you a fortune to build would be nigh worthless to a competitor because integration, customization, and data conversion would make it extremely unattractive compared to improving their own in-house product or buying a commercial product where the vendor is used to making customizations. (Much better in some cases to give your software away [if not open source it]: there are probably a lot of missed opportunities for companies to make their toolset the de facto standard for an industry, reaping money or market influence in the process.) Ask your management to imagine receiving an offer for an illicit copy of their competitor's code. Would they be willing to risk it? My guess is that they'll say "no", and you might want to start job hunting if they say "yes".

Finally, of your two proposals, only onsite work sounds viable. Standing up a fussy/novel telecommuting scheme is sure to frustrate developers [perhaps challenging them to deliberately thwart the system when they wouldn't have given it a thought otherwise]. Moreover, if anything goes wrong [which is very likely], it's your headache and your fault. Don't even mention option (2)... it's just a creative way to get yourself fired. Provide management with option (1) only: if contractors refuse to work onsite, management can think a little bit harder about what their real needs are... updates to the product or [illusionary] control of the source code.

you should rewrite it in node.js

[slashdice]

node.js doesn't block so it's faster than c. And since it's javascript, you can find programmers anywhere. Like that homeless guy holding a "callback(){ return food; }" sign. Underneath the stench is a 10x webscale javascript ninja that can rewrite your code in es6 javascript.

Re:

[Spinlock_1977]

"node.js doesn't block so it's faster than c"

A curious statement.

Re:you should rewrite it in node.js

[plopez]

https://www.youtube.com/watch?... [youtube.com]

I think this is what OP was referring to.

And once fixed it will last forever?

[Peter (Professor) Fo]

You have a POLICY to make, not a one-of decision. Maintenance will be on-going. It's a people problem.

I would have a be-nice-to-good-people policy. Make them feel wanted and respected. That's down to your management. Then if you hire-in an outside company use an NDA (of course) and make it clear this is an ongoing relationship.

Option 1

[mark-t]

If they don't want to do it, then either you need to find someone who is willing to work on-site, or else you need to pay them enough money that they are willing to do so.

If a person lives too far away from where they work for a daily commute to be viable, then they either need to move closer to work or else find a job closer to home, IMO.

(Yeah, I'm a sympathetic bastard, aren't I?)

Seriously, NDAs are the only solution

[gweihir]

Make sure the people are trustworthy, have them sign an NDA and that is it. How do you think really security-critical software gets external reviews? Also, even work on premises would let them steal the important parts of the code if they were so inclined, it is not that hard.

One thing you can do for trustworthiness is look for people and small (!) consultancies that already work with stuff of comparable sensitivity and difficulty.

Oh, and pay really well. Nothing makes contractors care less than being treat

Re:

[gweihir]

You have no idea how the real world works. The only people that will decline for that reason are those with huge egos and typically rather mediocre skills. These are the people that like to be described as "rock-stars". Hint: None of them are.

However, even with an NDA you can get a lot of interesting insights when doing such a job. You can just not use them directly or use them to compete with the business where you had them. But that is the deal any employer with interesting technology has to make. As soon

Sound pretty Zen

[Locke2005]

Is that a Zen koan, like "What is the sound of one hand clapping?" Grasshopper, when you can answer the question "How to work on source code without having the source code?", then, and only then, you will be a true master!

Modularity (Unix "Do One Thing" philosophy)

[im_thatoneguy]

The only option to achieve that through process not physical security is to write everything sufficiently modularly that every module is untrusted and interfaces through documented APIs. This can actually be a good requirement since it should make updating any one feature relatively easy. I know of at least one large fortune 500 company that is rewriting everything on the assumption that the network is publicly accessible. This has the nice side effect that you can actually make it publicly accessible to

Re:

[SuiteSisterMary]

Then, you hire the government to do it, with very frequent breaks to read new policies on toilet paper pools.

Trust me!

[swilver]

You don't trust me with your source, but you do trust me to modify it... interesting!

Anyway, I'd never work for any company that forces me to work with one hand tied behind my back. I'll work for one of the 99 other offers I got instead.

API specifications?

[istartedi]

API specifications? If the suits won't let those leave the building then yeah, it's all got to be on site like others are saying. Sounds like a nice little train wreck you've got going.

One unmentioned possibility - ship hardware

[bugnuts]

Besides an NDA and security policy, you can ship them all encrypted laptops. Disable the USB connectors and external data connectors (physically, with epoxy) except maybe a single encrypted keyboard/mouse device like a logitech unified transceiver glued into one port, and only allow vpn into your systems to run executables. Also install gps tracking software in case of loss.

If you have them work on site, that's not cheap. It sounds like you're in the HST business, and that means probably based in NYC, and that means floorspace is a premium. On site work would cost a minimum of $50-100k/yr per contractor.... those contractors would much rather get an extra $45k per year and work from their own office on a $5k super laptop + keyboard + dual monitors, saving you a ton of money per person and making them happy. Have them pay for their own network, and do remote backups every night.

Re:

[bobbied]

Yea, but you better have the NDA's in place, even if they are working locally. Not that an NDA will keep them from dropping your source onto a USB thumb drive and taking it home....

Do what the Suits want, as much as you don't like it... They sign your paycheck.

Re:

[__aaclcg7560]

If the company has fulltime employees who have never worked with contractors, bringing in a team of contractors will make them feel insecure that the contractors might replace them. This often becomes a hostile work environment, especially if the contractors are being paid more. Fulltime employees who haven't been in the job market for 8+ years are most likely to have issues.

Re:

[PPH]

especially if the contractors are being paid more

And then the full time employees figure that the company has no more loyalty to them. So they figure they need to do something to get ahead financially. It ends up being the full timers that sneak the code out and sell it to the competition. Been there, seen it happen.

Re:

[__aaclcg7560]

So they figure they need to do something to get ahead financially.

Typically, when threatened with being laid off, fulltime employees will announced their intention to draw six months of unemployment benefits to take a vacation and then find a new job. My roommate did that following the dot com bust. He couldn't get back into the industry and took a cashier job with Walmart in 2002. He's still working there today.

Re:

[BoberFett]

If he's still there, that guy probably wasn't much of an employee to begin with. Taking a 6 month break from your career doesn't prevent you from moving out of your WalMart job for 14 years. I've taken several breaks during my career, raning from 6-month to 2-year sabbaticals, and I keep moving up and making more money every time I go back to work.

Re:

[SQLGuru]

You forgot the other bonus that you know the work won't be sent overseas where intellectual property is harder to defend. If you contract out with a company and give them remote access, who's to say that the work wouldn't be done in China where all knowledge is "public". At least by controlling the work environment, you minimize the impact. Provide the consultants with hardware you control (and lock down the USB ports) and restrict them to only certain areas of the network. If possible, even limit them

Re:

[tepples]

when I need them to work here, they work here. I'm paying them

Are you willing to pay a premium for relocation so that they can work with your constraint?

Re:

[Bert64]

There is no such thing as a remote environment that doesn't allow data to flow to the client machine...
All you can do is close off some of the obvious routes, but there are plenty of other routes such as screen dump and ocr, and ofcourse the contractors will retain memory of the system whatever you do.
And even if you have people onsite, you have to go to extreme lengths if you want to ensure there's no way for them to smuggle data in or out.

There really is no substitute for an NDA, plus hiring people you ca

Re:

[Z00L00K]

And 99% of all source code out there uses standard algorithms, the key is that for some unique solutions it's the combination of the algorithms that's the unique thing.

The 1% are those top secret encryption algorithms and their encryption cracking algorithms that various military outfits works on, but they would hardly ask such a question at Slashdot. If the person asking the question works for such an agency then it's time to get a new job.

However the data processed by the code is another issue.

Reasons for

Re:

[Hognoxious]

You're assuming that it's written in a clean, modular way. Or that the task isn't to rewrite it so that it is.

Re:

[TapeCutter]

Subcontractors code, consultants consult. They are different jobs.

There are different levels of software services offered by different companies, in rough order of cost you have....
- The one man act, an employee with few legal rights who costs a bit more than a full timer but can be dismissed on a whim.
- The body shop, a group of consultants that rent out multiple one man acts.
- The coding shop, an external group of one man acts who write code to spec on their own premises and equipment.
- The big

Re:

[TapeCutter]

What's it like to work in a utopian environment?