24

I am currently planning to develop a J2EE website and wish to bring in 1 developer and 1 web designer to assist me. The project is a financial app within a niche market.

I plan to keep the source closed. However, I fear that my would-be employees could easily copy the codebase and use it or sell it to a third party. The app development will take 4-6 months, perhaps more, and I may bring in additional employees after the app goes live.

But how do I keep the source to myself? Are there techniques companies use to guard their source?

I foresee disabling USB drives and DVD writers on my development machines, but uploading data or attaching the code in email would still be possible.

My question is incomplete. But programmers who have been in my situation, please advise. How should I go about this? Building a team, maintaining code secrecy, etc.

I am looking forward to signing a secrecy contract with the employees if needed too. (Please add relevant tags)

Update

Thank you for all the answers. I certainly won't be disabling all USB ports and DVD writers now. But I think I should be logging activity. (How exactly should I do that?) I am wary of scalpers who would join and then run off with the existing code. I haven't met any, but I have been advised to be wary of them. I would include a secrecy clause, but given this is a startup with almost no funding and in a highly competitive business niche with bigger players in the field, I doubt I would be able to detect or pursue any scalpers.

How do I hire people I trust, when I don't know them personally? Their resume will be helpful but otherwise trust will develop only with time.

But finally even if they do run away with the code, it is service that matters after the sale is made. So I am not really worried for the long term.

abel

9 Answers

78

You need to trust your developers.

Virtually all professional developers won't steal your source. It's understood that if you work for somebody else, it's the employer that owns the code that you write. Developers might copy code for reference purposes, but it's highly unlikely they will offer it for sale to anyone else. If they did offer it for sale to a new employer then the likely outcome is them being shown the door and possibly even arrested (as Bob Murphy points out in his comment). Getting caught isn't worth the risk.

More importantly, distrust breeds distrust. Disabling USB ports and DVD writers will engender a feeling of distrust which will, paradoxically, make it more likely that the developers will copy the code.

By all means add a secrecy clause to your contract, but it's probably unnecessary to highlight it as the most important part of the contract.

ChrisF

73

If these programmers can write the software in the first place, then...

THEY DON'T NEED TO STEAL IT.

They can just simply rewrite it in a fraction of the time it took to originally develop it. Yes, it's true, developers aren't complete idiots... once they figure out how to do something, they can often remember how they did it.

So, I guess you're just going to have to trust them, or write the software yourself.

Glorfindel
GrandmasterB

22

I've heard it said that no idea on its own is worth more than $20 (and that's Canadian dollars!). The idea only has value if it is executed well. Even if it comes to them stealing the code and trying to make a go of it themselves, odds are you have a better idea of what the next steps are, and more contacts with prospective buyers of the software.

You should definitely only hire people you trust, but even if they steal your code and try to sell it, they are unlikely to get very far.

James McLeod

6

If this is some sort of startup, then the number one thing you need to do is get a product built. You need good developers who will work hard and be dedicated to the project.

One really easy way to get rid of them, or at least to sap their morale and dedication, is to show them up front that you don't trust them. In fact, they're likely to start thinking of ways they can get the code out (although they almost certainly won't follow through), and if they can come up with a way they'll think you not only paranoid but stupid. (There are organizations where this level of caution is justified, and a financial website startup will not be considered one of them.)

A few clauses in the contract about how the software is your property will be fine. If somebody will violate that, they'll violate any more severe language you've got, and probably feel more justified. Non-compete clauses that aren't narrow and time-limited will just chase off the people you want, and may in fact not be legal in your jurisdiction (consult a local lawyer to find out).

If you hire good people, they can rewrite the software later. If you hire beginners, they won't know how to further develop what they walk off with, and anybody building on it will be running serious legal risks to come in late with an inferior version of what you've got.

In short, this should be way low on the things you worry about. If you hire bad people, you're sunk no matter what. Concentrate on hiring good people and let this slide.

6

The hard truth is that nobody wants your code. You may think that you develop a solution everybody wants to know how it works. But more often than not you don't.

What would you do if you took over the source code of your competitors? You can't distribute it. You can't copy any parts of it into your project (even if it wasn't so hard to integrate third-party code into your codebase). What can you do? You can study it. But often it's harder to read the code than to write it in the first place.

Look at open source software. It is the closest analogy to stolen source code. There is a vast amount of unmaintained code. A large portion has a license that doesn't suit your needs. Others have an incompatible programming language or need porting to your platform. The code which suits your needs will take plenty of time to read.

There are many open source projects with a closed source mentality. I.e. they don't accept patches. Soon enough your version of code will deviate so much that it would be impossible to merge new versions.

You should understand that what's most valuable is your team, who maintain your code and move it forward. Not the code itself.

Vanuan

4

Why should your potential customers trust you with their finances?

After all, you may run off with the money.

Companies like Microsoft, Google, IBM employ thousands of people to write reams of closed source software, and are not unduly worried about their staff walking off with the code. Copyright protection and a clear "any code belongs to your employer" clause in the employment contract seem to cover it, and court cases against former employees for stealing code are extremely rare.

Furthermore, once you release your software to the wide world, unless the core involves some really advanced math, any competent team of programmers could reproduce your application without ever seeing the source code.

3

As others have mentioned, this primarily seems to be a people concern.

However, there are a number of major security vendors who market software solutions to data leaks:

I can't comment on their effectiveness or appropriateness as I have limited experience with these solutions, but just thought that it might be helpful to point this out.

Cliff

2

Honestly, like everyone else said, you just need to trust your programmers.

However, I will add to that by saying you should really consider that open sourcing your project in today's environment is more likely to help you than to hurt you, with the exception of a few specific markets. Just being more open to the idea will make you less worried about your source code growing legs and running off, even if you don't do it yourself. Garner all the goodwill you can, and you're more likely to earn money, in my opinion. Even if the Empire offered the best app in the world, I don't think Luke Skywalker would've downloaded it, because the Empire's ideals were in the wrong place.

coder543

0

Dated question but still not totally irrelevant. Rather than being paranoid about code theft/resale, an NDA is a balanced approach. Here is a sample Non-Disclosure Agreement.

See section "Obligations of the Parties" and "Consequences of Breaching the Contract". These can of course be edited to suit your purpose. That's probably the best you can do. Hope this helps somebody.

https://relevant.software/blog/how-to-write-an-nda-for-software-development-template-included/

joym8