In today’s world with malware and increasingly persistent hackers, it is essential that software developers have transparent protection over their source code at all times. Source code protection is vital to the health and success of a business. All businesses should strive to prioritize source code protection to a full extent. There are many ways for businesses to try to improve their source code protection. These include using legal and copyright methods, restricting access, encrypting, and monitoring source code at all times.
Legal structures of protection are fundamental in order to build strong disincentives to source code theft. There are both federal and state laws placed to protect trade secrets in the United States by the Economic Espionage Act. One legal action that can be taken to protect source code is by having a utility patent. The utility patent grants its owner the right to exclude others from making, using, selling, or importing the owner’s intellectual property. Instead of just protecting the underlying code, patents protect the owner’s software product. Because the patent protects the owner’s intellectual property it, therefore, protects the underlying code as a whole. Patent protection is essential to have because the owner is able to sue anyone who attempts to infringe their source code.
Another way owners of source code can strengthen their enforcement of code ownership is by using copyright protection. Generally, copyright is the favored form of IP protection for software. Copyright is commonly assigned to the owner of the source code automatically. Copyright registration ensures the source code owner to sue for infringement. Another benefit of this method is that it allows the copyright holder to recover from statutory damages and attorney fees from the infringement. By registering for copyright, source code theft decreases.
One of the most straightforward ways in which source code can be protected is to simply restrict the number of members that can have access to it. Based on specific roles, source code should only be accessible to hands-on and high personnel members. There have been many instances with insider threats being the most common in source code theft. By limiting access, the chances of code leaking will weaken.
Another important method to keep source code protected is to encrypt and monitor source code at all times. Encrypting source code at all times will ensure that it will be protected from prying eyes. Only members that are allowed access will be able to view the source code which will limit the chances of theft. Source code monitoring is fundamental in order to be alerted when any suspicious activity comes to light. If this occurs, the theft can be quickly limited, reversed, or most importantly, have prevented the damage from being done. Monitoring is also required in order to be able to document everything. This will provide evidence if source code theft occurs.
To ensure source code theft, developers should look at SecureCircle’s Data Access Security Broker. Source code is secured at all times and this security is persistent no matter where the data goes or accessed. SecureCircle’s technology transparently tracks every action taken on source code which turns everything into an auditable event. Source code theft is currently still on the rise so by utilizing DASB, developers will be able to prevent it.
A publicly traded Cyber Security Company (CSC) located in Silicon Valley, with 50+ in-house software developers and 100+ contract developers from several 3rd party consulting firms. CSC is also a Gartner Magic Quadrant leader, with over 3,000 customers in more than 80 countries.
CSC needed to ensure that their source code was not stolen or lost. A costly virtual desktop infrastructure (VDI) solution, was implemented to prevent misuse and add accountability for developers working with source code. This was met with resistance from their developers. They were extremely limited by VDI. Developers struggled with simple tasks like copying/pasting, taking screenshots, and collaborating. Despite employing VDI and other defense in depth strategies, source code was still lost. The scale of misuse is still unknown.
See how SecureCircle's DASB was able to solve this customers issue.