-1

I have someone interested in purchasing my Rails app (2.3.18). It requires updating (obviously), and now it's a question of the cost of updating versus rebuilding from scratch.

If the buyer wants to have a third-party developer review the code to determine this effort and estimate costs, is there a way to allow this developer access without losing control or granting unsafe access?

KDP
  • Isn't this the same as hiring *anyone* to work for your company? Surely you should follow whatever procedures are in place for all other staff members. Anyway, this is more of a legal question than about software - so I'm voting to close. – Tom Lord Sep 30 '16 at 11:34
  • Why not just provide a laptop to the developer while they perform the review in person? That way you can supervise them during the code review. – Stewart Sep 30 '16 at 11:38
  • Why not perform a full body search for hidden memory devices, and have them work on an air-gapped network? (Or, why not apply a certain level of trust - like all normal employees receive?) – Tom Lord Sep 30 '16 at 12:39
  • Unfortunately, there's no company except for myself. I hired a contract developer to build my web app years ago and have built some features on my own since then, but I'm very inexperienced in Rails / security. I'd like to let a potential buyer and his dev check the app to see what it would take to update it if necessary (like taking a used car to a mechanic before buying.) Hoping there's a way to allow the dev to evaluate without revealing passwords or my users' private information. Don't know if a full code review is needed or if some snippets would do the job. Appreciate your ideas. – KDP Oct 04 '16 at 12:55

1 Answer

0

You could use a code review tool like Crucible. This makes it harder to steal code, but not impossible (I do not see how to prevent that). It will only disclose code, but not data (like the passwords you mentioned). Tools like these can be paid monthly.

I would recommend a full code review, unless you can pinpoint specific functionality that they want to use.

Also, as mentioned, make sure you have your paperwork (contracts, non-disclosures, etc.) in place.

nvugteveen
  • I chatted with the team for Crucible, and this looks like a promising solution. There's no way to protect the code from being copied, but I can more selectively choose snippets to share. Thanks! – KDP Dec 13 '16 at 16:43
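
A review tool only keeps passwords out of view if none are committed alongside the code. The following Ruby script is an added example (not part of the question, the answer, or Crucible) of a check to run on a copy of a Rails 2.3 tree before sharing it; the path list, the pattern and the sample files are assumptions constructed for illustration.

```ruby
require "tmpdir"
require "fileutils"

# Paths in a Rails 2.3 tree that hold credentials or user data, not code.
# This list is an assumption for the example; adjust it to the app.
WITHHOLD = [
  %r{\Aconfig/database\.yml\z},        # database credentials
  %r{\A(log|tmp)/},                    # logs can contain user data
  %r{\Adb/.*\.(sqlite3|sql|dump)\z},   # database files and dumps
  %r{\Apublic/system/}                 # uploaded files
].freeze

# A quoted literal assigned to a credential-like name (Ruby hash, assignment or YAML).
SECRET_LINE = /(secret|password|passwd|api_?key|token)\w*["']?\s*(=>|=|:)\s*["'][^"']{6,}["']/i

# Returns the files to leave out of the shared copy and the file:line
# locations where a literal credential should be replaced first.
def audit(root)
  found = { withhold: [], secrets: [] }
  Dir.glob("**/*", File::FNM_DOTMATCH, base: root).sort.each do |rel|
    path = File.join(root, rel)
    next unless File.file?(path)
    if WITHHOLD.any? { |re| re.match?(rel) }
      found[:withhold] << rel
      next
    end
    File.foreach(path).with_index(1) do |line, n|
      found[:secrets] << "#{rel}:#{n}" if SECRET_LINE.match?(line.scrub)
    end
  end
  found
end

# Constructed sample tree (not the asker's app) to show the output.
def sample_audit
  Dir.mktmpdir do |root|
    { "config/database.yml" => "production:\n  password: example-only\n",
      "config/initializers/session_store.rb" =>
        "ActionController::Base.session = {\n  :key => '_app_session',\n  :secret => 'constructed-example-value'\n}\n",
      "app/models/user.rb" => "class User < ActiveRecord::Base\nend\n",
      "log/production.log" => "Processing UsersController#show\n" }.each do |rel, body|
      FileUtils.mkdir_p(File.join(root, File.dirname(rel)))
      File.write(File.join(root, rel), body)
    end
    audit(root)
  end
end

p sample_audit if $PROGRAM_NAME == __FILE__
```

The pattern only matches quoted literals, so unquoted YAML values outside the withheld paths still need a manual look.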