How do corporations protect their projects from programmers or management?

T

Tutucu2018-08-06 16:22:42

Project management

Tutucu, 2018-08-06 16:22:42

Hello, I have a question here. How, for example, does Vkontakte protect its projects from its managers, admin or programmers?
For example, one of the programmers has access to the database, he takes and downloads the necessary data to himself and sells it on the sly to the left person. Or he swears harshly with the manager and, before being fired, deliberately leaves a vulnerability in the code as revenge, then after a while he uses it or again merges it to the left person.
Or here's another: for example, there is access to the database from someone, he takes and changes the data, in his favor. What to do with it?
Or there is a moderator who has access to the correspondence, he finds the profile of the person of interest. He reads his correspondence and begins to blackmail information from messages. How are they protected from this? Indeed, in correspondence, some managers may indicate the strategic plans of their companies and the like.
How do you protect yourself from all this? After all, several thousand people work there, and you can’t keep track of everyone!
I ask just for the sake of interest and curiosity.

Reply

Answer the question

In order to leave comments, you need to log in

5 answer(s)

S

sim3x, 2018-08-06
@sim3x

some of the programmers have access to the database

no, doesn't have

leaves a vulnerability in the code as revenge

no, cross-code review and external audit

who has access to the correspondence, he finds the profile of the person of interest. Reads his correspondence and begins to blackmail information from messages

moderator code of conduct, NDA, company fine

several thousand people work, you can’t keep track of everyone

keep track, AI with behavior analysis, SB

D

Dmitry Dart, 2018-08-06
@gobananas

For example, one of the programmers has access to the database

Differentiation of access to the database. There is no combat, there is only test
So something criminal
The code passes through the team lead, then through the tester sometimes, they look at such things
Blackmail is a crime. There is no access to real correspondence - it is encrypted, let's say.
Do not indicate such plans in open channels. If the manager is a d**k, then what does VK have to do with it?

V

VoidVolker, 2018-08-06
@VoidVolker

Adequate attitude, adequate salary and loyalty to the employee.

X

xmoonlight, 2018-08-06
@xmoonlight

DLP

C

CityCat4, 2018-08-07
@CityCat4

some of the programmers have access to the database

He doesn't have access. There is access to a "simulation model", where everything is "for real", but the data is not needed by anyone.
You can run into Article 183 of the Criminal Code of the Russian Federation Up to seven years with urkagans - do you want to?
Any of the above articles - depending on how the court goes. Again - access to the database, so that without logs - nominal, according to the list.
SMP, analytics, dedicated services in the Security Council. The practice is great - in the USSR there were a lot of closed factories, where phones were wiretapped 24x7 (we know ...)