Did you know that for some products leakage of just a few lines of source code can lead to losses in excess of hundred million, if not a billion dollars annually? These magnitudes of gargantuan proportions. The ramifications of such losses necessitate state of the art security systems at software development offices or campuses.
Must we guard development of these products just as we guard our presidents, bank vaults and museums? In defense we have heard of ground forces, aerospace forces, naval forces, missile forces, coast guard as well as biological and chemical weapon defense units. Perhaps we need something like a strategic source code defence force.
What is source code?
In computing, source code is any collection of computer instructions, possibly with comments, written using a human-readable programming language, usually as plain text. Most often this human readable form undergoes further processing through a process called compilation into binary code, ternary code or intermediate language before they are run by computers.
Their output is not run only by personal computers. Today almost every machine or gadget you can think of is controlled by software. In other words source code controls all of them. Source code runs the world. Some are embedded in secret devices which are not sold. Others can be bought and installed on personal computers and mobile phones.
How much should be spent on protecting source code?
Let me begin answering this question by asking the question: what problems does source code theft create? A myriad of these readily come to mind. Leakage of source code used to control weapons and defense systems can put the security of a nation and its citizens into jeopardy. Armed with the source code that controls weapon systems an adversary would easily bypass the defense of a host country. The adversary would understand the weapon systems better and may even spot loop holes after conducting further analysis.
The second problem source code theft creates follows directly from the preceding section. We spend money on anti-viruses and anti-malwares each year. All that effort would like naphthalene balls sublimate if a mischievous hacker should come by it. The same goes for our computer firewalls. The cost would in this case be at the bearest minimum the value of the data that resides behind the firewalls.
The third problem source code theft creates is financial or economic; not just for software companies and their shareholders but for the nation. For after
all the success and finances of any nation depend to a large extent on the revenue of its industries and the taxes they pay. While it is true that many people can just look at or observe many software products and create the same without stealing any source code it is no secret that many companies and countries have not been successful in their quest to replicate some software or the devices they run. These products are technologically superior built with the very best of algorithms only invented after expending lots of money on research over several years. Source code theft will lead to competition, loss of market share and thus revenue at home and abroad.
Two types of software piracy
We can talk of broadly two types of software piracy. The first is piracy of the finished product. This is what people usually purchase off the shelf or online. That is using a product without purchasing or paying for licensing costs.
The second type of piracy is leakage of source code. This is what is under discussion. This occurs when portions or all of the source code of a product are are stolen or leaked. Unlike other kinds of theft carting the booty away is as easy as pocketing a pen drive with the stolen source code, attaching it to an email or surreptitiously downloading it across the internet.
Bill Gates’ early experience
The problem of source code theft is as old as the electronic computer itself. It is said that Bill Gates had a problem with source code theft in the early 1970s. He is said to have explained to his friends why taking away someone’s source code without his permission was a crime. In February 1976, Gates wrote an open letter to computer hobbyists, saying that continued distribution and use of software without paying for it would “prevent good software from being written.” The letter was unpopular with computer enthusiasts, but Gates stuck to his beliefs.
Many startups have also had to grapple with this problem.
The Decompilation Problem
When source code is compiled the output is often binary but some are compiled into intermediate languages such as .net and java byte code. Intermediate languages offer advanced obfuscation techniques. However, they can be decompiled into human readable higher level languages. Even the most comprehensive obfuscation tools only make the decompiled higher level languages just a little more difficult to understand. Products developed with these tools are reverse-engineered with ease. This presents a problem.
Some may argue that binary or ternary code can be decompiled. That is true. However, machine language or what we popularly call binary or ternary code cannot be decompiled to higher level languages. The decompiled output are not only many lines longer but are also more difficult to comprehend. Therefore whenever possible critical portions of software should be compiled to binary or ternary code.
The Most Comprehensive Plan Thus Far?
Which software development company has the most elaborate security system? One software company hired several security personnel. They occupied every nook and cranny of the building and kept a close eye on software developers and other personnel around the clock. All computers used by software developers did not have usb drives, hdmi slots, cd-rom drives. They were not connected to the internet. Software engineers had to go through metal detectors and other search procedures before getting into their offices. Fearing that some unscrupulous computer programmers would want to capture the screens as lines of source code scrolled cameras and phones were forbidden. Workers entered buildings with smartcards. Security personnel were aided by some of the highest security systems comparable to what banks use.
Strategies for Combatting Source Code Theft
Over the years many companies have come up with strategies for combatting source code theft. Some companies only focus on niche markets in a few countries. Disgruntled workers without ethics easily find market for stolen source code in other countries. These countries usually have different languages and locales all together.
Source code theft falls under criminal law, property law and contract law. English lawyers and judges say “Finders keepers, losers whiners”. This is also true in countries with law based on the old English common law like the United States of America. In simple terms register every valuable property. Whenever you lose anything report it immediately. Before buying anything valuable find out if the item has been registered or reported stolen.
The easiest thing you can do to ensure that nobody steals your source code is to legally register your software company. Register an internet domain for your business. If your source code gets stolen a good samaritan wanting to inform you wouldn’t have difficulty doing so. This also provides a legal basis for arbitration. If you have reason to believe that a company is using your source code illegally you can contact your lawyers and file a law suit. Interestingly, laws vary across the globe. However, there are international software treaties around to guard your business and your investments. Nearly every country on this earth is a signatory to the existing copyright treaties. One software CEO explained that he doesn’t think anybody would want to steal his company’s source code because of the prospect of a law suit.
Many software companies grant only senior trusted software developers access to the full source code. Other employees are allowed to work on minor sections of the source code. Entrust the software into the hands of a few people. Many believe the source code won’t get stolen if this measure is taken. If the source code gets stolen identifying the perpetrators wouldn’t be too difficult. Others ensure that those who work on the source code are given an ownership stake in the company. That way when the source code is protected all benefit.
You can follow the example of the CEO we cited earlier. Install the most elaborate security system. Search software engineers (developers) and make them go through metal detectors. Ban cameras and phones. Let computer programmers work on computers without drives or hdmi slots.
Working with global software and ecommerce giants is one sure way to protect your investment.
The Difference Between Open Source and Closed Source Code
Closed source refers to source code considered proprietary. They are considerd so valuable and strategic that none other than the relevant workers within an organization must have access to them.
There is another movement called the open source movement. Open source code is code that has been made freely available to the general public under a number of licensing schemes. Why would a company develop software and make the source code freely available? A company may want to make its source code open source in order to get free contributors from around the world or to get help in identifying a bug. Other software companies rely on a revenue model which revolves around the source code but not the sale of the source code, the software itself or what has come to be known as fremiums.
Boachsoft Lowrider 2016 is an excellent repair shop management software as well as an excellent work order management software. Boachsoft also makes an excellent landlord software (property management software).
Credit: Yaw Boakye-Yiadom , Boachsoft Founder and CEO. All rights reserved!
Yaw Boakye-Yiadom is pronounced [Yiaw Bwachi – Yiadom (chi as in chill)]
