How do IT companies protect their source code from theft?
I'm mostly interested in giants such as Google, Microsoft, Oracle, Yandex, etc.
I guess that for many people industrial espionage is not some kind of revelation, like the existence of Santa Claus, so the question is a legitimate one. Given the specifics of distributed systems and the large number of people involved in development, some of them, one way or another, have access to large blocks of source code that could be leaked on the side.
I am aware of the protection of data centers, the destruction of disks, the access hierarchy. But what about the controllers themselves and those who distribute software to servers?
What have I missed? Thanks for the answers.
I think that protection is only for some key components.
In most cases, a source code leak is not as bad as it seems at first glance. In addition to the source code, the company has:
1. The necessary infrastructure. This includes not only hardware, but also the software ecosystem. Usually, the different services of a large company interact with each other and, as a result, are closely connected. For example: the authorization system, search, the high-performance computing platform, the data storage platform. It is unlikely that you could simply take a ready-made individual product and deploy it as-is.
2. Developers who are familiar with the code (I have no idea how many resources you would need to spend on analyzing the source code of, say, Google's mail). While competitors are analyzing the source code, the owner company is already implementing many new features.
It is worse when algorithms leak (for example, the ranking formula). They can be used not only to gain a competitive advantage, but also to dishonestly exploit the finished system for your own purposes (boosting your own position in the search results). And implementing a described algorithm is often faster than understanding its specific implementation.
And in general, it is better to trust developers (as well as testers, admins and other employees). It is unlikely that in an atmosphere of distrust it will be possible to create something good.
Not an expert, just my IMHO:
1. Separation of duties (someone deals with one block, someone else)
2. Banning all removable media
3. Data Loss Prevention system
4. Administrative measures.
There are general considerations on this topic:
- Everything that can be patented, licensed, registered - is patented (discoveries, technologies, inventions, algorithms, trademarks, industrial designs, and so on and so forth), the right to issue licenses is acquired, registered;
- Security measures are applied at the enterprise - including (as mentioned by other participants in the discussion) access control, hardware protection, contractual restrictions (non-disclosure agreement), appropriate personnel policy.
Given the significant (read: almost infinite) material resources and legal services of companies on the level of MS, Google and others like them, the probability of theft is negligible (absolute 0). The only thing they can't cope with is the state power of the superpowers: the NSA, the FSB and others (if they decide to "steal" something from them).
If MS takes "you" to court, then all your activities will be paralyzed. If you (even with good reason and with evidence) accuse MS of piracy and sue them, then the most you will achieve is material compensation (MS will go on functioning as before, and no one will say that MS is a pirate outfit, although if the same criteria are applied to it, and knowing that MS has repeatedly borrowed code from other developers, MS is a pirate company).