6

I'm curious after reading today about a minor code leak from a large project to some blogs & forums (to put it briefly: the guys forgot to anonymize the code before asking for help), all detected and (angrily) complained about by the customer, who reasonably wanted to protect the IP they paid for.

First of all, I know it's a good practice (correct me if I'm wrong), when required to disclose code to public sites in order to ask for help, to take appropriate anonymization measures, like renaming in all snippets something like com.thecompanyiworkfor with com.somecompany or com.bank.MortgageRiskCalculatorClass to com.somecompany.SomeGenericRiskIndicatorClass and so on...

Now, suppose I would like to find out if and where (and maybe who, but it's not important now and it's not part of the question) the originally restricted code was leaked in order to properly react (read "send all the guys an email telling either they delete/clean posts or something bad will happen to the culprit", haha).

I suppose that a good way could be googling something unique that you could find in the code. For example, if I worked for Inintech I would try to google for com.inintech to see if somebody was stupid enough to paste code full of import/using directives.

It's not a comprehensive method; it's based on the assumption that someone is better off trying to protect the binding between company and code (i.e. for security-by-obscurity reasons, public image...) rather than preventing intellectual property from being freely available to the public.

My straight questions are:

Do you know/think there are other good practices to perform such investigations? How would you do that if your boss asks to find if someone leaked the company's code? I don't think someone would ever try to google for an entire source code file in one query string :)

Do you know if there are companies performing such investigations? If so, what could you tell me about them more than their names, like the way they work?

3 Answers

2

There is software used by teachers to detect plagiarism in the work of their students. Maybe this can work with code too. However, be careful to avoid divulging the code yourself by using unreliable software ...
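One way to apply the plagiarism-detection idea to code, as an added example that is not part of the original answer: hash windows of identifier-normalized tokens, so that a post anonymized the way the question describes (renamed packages and classes) still matches the internal file even though a search for com.inintech would find nothing. The sample sources, the window size k=8 and all function names are assumptions made for illustration; everything runs locally, so no code is handed to a third-party tool.

```python
import hashlib
import re

# Java keywords stay verbatim; every other identifier collapses to "ID", so
# renaming packages, classes and variables leaves the token stream unchanged.
KEYWORDS = {"import", "package", "public", "private", "static", "class", "void",
            "int", "double", "return", "new", "if", "else", "for", "while"}
TOKEN = re.compile(r"[A-Za-z_]\w*|\d+|\S")

def normalize(source):
    """Tokenize and replace non-keyword identifiers with the placeholder ID."""
    out = []
    for tok in TOKEN.findall(source):
        is_ident = tok[0].isalpha() or tok[0] == "_"
        out.append("ID" if is_ident and tok not in KEYWORDS else tok)
    return out

def fingerprints(source, k=8):
    """Hash every window of k consecutive normalized tokens."""
    toks = normalize(source)
    return {hashlib.sha256(" ".join(toks[i:i + k]).encode()).hexdigest()[:16]
            for i in range(len(toks) - k + 1)}

def containment(private_src, public_text, k=8):
    """Fraction of the public text's fingerprints that occur in the private code."""
    pub = fingerprints(public_text, k)
    return len(pub & fingerprints(private_src, k)) / len(pub) if pub else 0.0

# Constructed samples: internal file, an anonymized forum post, unrelated code.
PRIVATE = """import com.inintech.risk.RateTable;
public class MortgageRiskCalculator {
    public double score(double principal, int years) {
        double rate = RateTable.lookup(years);
        return principal * rate / (years * 12);
    }
}"""
POSTED = """public class SomeGenericRiskIndicator {
    public double compute(double amount, int n) {
        double r = Table.lookup(n);
        return amount * r / (n * 12);
    }
}"""
UNRELATED = """public class Greeter {
    public static void main(String[] args) {
        System.out.println("hello");
    }
}"""

if __name__ == "__main__":
    print("anonymized post:", containment(PRIVATE, POSTED))
    print("unrelated code: ", containment(PRIVATE, UNRELATED))
```

Only the truncated hashes need to be kept to compare against text found later, so the fingerprint set can be stored or shared without the source itself.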

1

Ultimately I can't see any damage that has been done. So a small number of techies saw your company's name in a block of code, big deal.

If you make a huge fuss over this it will alienate your staff and discourage them from using internet resources like SO. That really will damage the company.

My advice would be to act as if you haven't seen it. Since it seems to bother you, if you do happen to find out exactly who is doing it then send them a private email asking them to take more care, but go no further. Don't waste time and resources finding out who it is.

EDIT: This advice is only relevant if your company is developing internally, not for clients. See the comments below.

Tom Squires
0

Unless you're finding someone actually stealing code and developing their own product on your work, it's pretty much a waste of time. The internet is like a big coding cookbook already. Finding snippets and code pieces that fit into your own puzzle isn't that hard. Optimization to make it fit into your own project is the hard part.

Writing software is easy. Writing easy software that performs well is hard.

As long as there is no actual leakage of private keys in any matter involved, I'd rather not care.