2

I am looking for a secure collaborative software development environment, such as Chaperon, that works in the cloud. It should prevent code from being copied-pasted out of the environment, and it should take all measures to prevent, detect and deter IP theft. It should, of course, include all usual IDE tools for subversion tracking and debugging. Any suggestions?

André Levy
  • 280
  • 2
  • 13
  • You're looking for an online development environment? – Cody Gray - on strike Dec 25 '10 at 10:06
  • Yes. I simply want developers to be able to log into and work inside the development environment running on the cloud from wherever they might be. At the same time, I want to retain all usual security measures one has in a local environment, i.e. prevention, detection and remedial controls over download and communication of code and data. – André Levy Dec 27 '10 at 09:11
  • Note:I am one of the co-founders at http://pinemango.com Pinemango offer full-fledge online coding environments that are accessible from a browser. It's also enabled with collaboration feature if desired. With regards to security - It's possible to put in the desired access restriction manually in the environment before giving access over to the developers. – Ming Tsai Sep 11 '13 at 05:44

1 Answers1

2

The costs of doing so are mostly far too high, and there are serious questions about the capabilities of systems such as Chaperon to withstand real attacks. Security by obscurity has a very bad name, and Windows-based systems have too little control over their environment to be secure against professionals.

It is a lot cheaper to simply hire a good local team and make them want to continue working for you.

Please note that I do not mean the costs of buying a system such as Chaperon, but the costs of operating it and not being able to cooperate effectively. The inefficiencies of development easily cost you a factor 10 in development time when compared to using a modern agile development process.

In such a restricted environment, requirements need to be detailed and documented too early far more rigorously. This is mostly waste (in Lean terms). Decisions should be made as late as possible, in order to make maximum use of gained insight.

The restricted visibility of the overall picture also makes it very difficult to refactor and optimize the architecture and code, so you're likely to end up with much lower quality code.

Stephan Eggermont
  • 15,847
  • 1
  • 38
  • 65
  • Thanks for being candid, Stephan. 1. Do you have any links for those questions regarding Chaperon? Cheers. – André Levy Dec 27 '10 at 09:14
  • I truly only need the secure CSDE for the very top functionality, mostly around data analytics using high-level language. This will sit on top of other software infrastructure, which also needs to be secure, but for which IP is less important. – André Levy Dec 27 '10 at 09:25
  • Doing the top level data analytics off-site is bad process. That needs to be done by CEO/CFO staff. Secure outsourcing that means getting wrong answers later. Correctly writing down the analytics requirements takes as much time as programming them. – Stephan Eggermont Jan 01 '11 at 10:32