2

Has anyone heard of Chaperon? Is it effective in preventing code theft?

Now I understand that there can be many ways if someone was to steal code and there is nothing that could be completely foolproof, so please don't give me this as an answer.

I want to know how effective this is and how does this utility/software exactly work?

Are there any other tools that are similar to this one?

user481913
  • What sort of code are we talking about? (language, is it compiled or interpreted) How will it be exposed? – Francis Yaconiello Aug 11 '11 at 15:32
  • Interpreted PHP code, preventing contractors/employees from carrying code back home/transferring code over the internet in a place where work ethics are unreliable, and it is difficult to enforce IP laws/prove IP theft – user481913 Aug 11 '11 at 23:11
  • 4
    What you're talking about is copying, not theft. – vipw Aug 16 '11 at 14:08
  • 1
    @vipw: Isn't that splitting hairs? Copying without the right to copy is theft. While it might be tempting to try to prevent this, there are better ways as have been posted: Strategic role separation in the development team, intranet security, etc. Depending on your operation's size, having developers on thin-clients can add an extra level of restriction and control (And can be significantly cheaper than other solutions in the long run). user481913: [NDA](http://en.wikipedia.org/wiki/Non-disclosure_agreement) – stslavik Aug 16 '11 at 19:23
  • Theft of an item from a person entails that the item is no longer available to that person. Since copying is pretty much exactly the opposite – the act of copying leaves the original intact and undisturbed – then it's not theft. It may sometimes be illegal, but to call it “theft” is simply false. – bignose Jun 03 '13 at 02:20

4 Answers

7

It is the wrong question to ask. See Secure collaborative software development environment in the cloud

Why would you want to work with people you don't trust? The costs of organizing the control needed to make that effective are so large that your efficiency would be too low to survive in the market.

The reason that Chaperon doesn't have much competition is simply that there is no market. Start using it, go out of business fast.

Stephan Eggermont
  • 4
    I can't agree enough. How motivated are you going to be to do a good job for your employer when that same employer is saying 'I don't trust you to do your job without stealing from us and I'm going to put up roadblocks that will make your daily working life more difficult because of my paranoia'. I'd imagine the only genuinely secure way to do this would be with one single physical place of work, and monitoring what goes in and goes out. The money had better be good for me to feel like I was working in a prison! – calumbrodie Aug 16 '11 at 19:43
  • +1, however sometimes you need to teach that copying is wrong. What might be considered ethically wrong at one place may not be true for another place. – user481913 Sep 04 '11 at 15:55
  • To add to the above comment, what I mean to say is sometimes people don't understand that 'Work for hire' doesn't entitle you to own the work accomplished. – user481913 Sep 04 '11 at 16:29
3

You can't effectively do what you're asking, especially in an environment where you don't trust the people working there.

A proper solution is to build a business model that is robust in the face of someone else getting the software. If as you say the “work ethics are unreliable”, you should count on the software getting spread around anyway.

Don't rely on artificial scarcity of the software – especially if, as you say, you can't trust your staff to maintain that scarcity – instead, rely on being the people who know the most about it.

bignose
3

One strong thing to consider when implementing any "code theft prevention" scheme is the fact that you're willingly trading productivity for security. The most productive environment for creating and debugging code is an open and easily shared one. This is why there are millions of lines of Open Source code written every year, even though most people involved aren't being paid for it.

Consider carefully whether the increased overhead and costs in terms of developer time is worth the theoretical potential for theft by one of your developers, who is already familiar with your algorithms and architecture, and could probably re-create the code if it was really something worth stealing.

Now, protecting your source code repositories from external access, and protecting your code "in transit" from people external to your development group who might be stealing it, really boils down to Network Security, and you'd probably be better off posting it on serverfault.com or superuser.com.

Adam Ness
  • All good replies, however I'm seeking a solution to a problem that exists while fully understanding the consequences/disadvantages as pointed out by the answers above. While not specifying exactly what I needed, this answer came close to saying what I was seeking. I believe sometimes you have to balance the approach between being paranoid as well as trusting... Take precaution to be safe but not completely devoid of security to be sorry later. – user481913 Sep 04 '11 at 15:51
1

I think all that can be done is monitor in situations like this. Firewall the network. Deny HTTPS traffic, so users cannot securely upload. Have software that emails/logs when external I/O devices are plugged in.

Fire people whom you can't trust if that is an option.

Kalyan
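
Added example, not part of the answer above or of any tool named on this page: one way to implement the "log when external I/O devices are plugged in" idea, by scanning Linux kernel messages for USB mass-storage attaches. It assumes developer workstations forward kernel messages in syslog format; the host name, device IDs, serial number and the `approved_serials` allowlist parameter are constructed for illustration.

```python
import re

# Constructed kernel log lines in syslog format (host, IDs and serial are made up).
SAMPLE_LOG = """\
Aug 16 10:02:11 dev-ws07 kernel: usb 1-2: New USB device found, idVendor=0781, idProduct=5567
Aug 16 10:02:11 dev-ws07 kernel: usb 1-2: SerialNumber: 4C530001230512345678
Aug 16 10:02:11 dev-ws07 kernel: usb-storage 1-2:1.0: USB Mass Storage device detected
Aug 16 10:02:12 dev-ws07 kernel: sd 6:0:0:0: [sdb] Attached SCSI removable disk
Aug 16 10:05:40 dev-ws07 kernel: usb 1-3: New USB device found, idVendor=046d, idProduct=c077
Aug 16 10:05:40 dev-ws07 kernel: input: Logitech USB Optical Mouse as /devices/pci0000:00/usb1/1-3
"""

LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) kernel: (?P<msg>.*)$")
FOUND = re.compile(r"^usb (?P<port>[\d.-]+): New USB device found, "
                   r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})")
SERIAL = re.compile(r"^usb (?P<port>[\d.-]+): SerialNumber: (?P<serial>\S+)")
STORAGE = re.compile(r"^usb-storage (?P<port>[\d.-]+):[\d.]+: USB Mass Storage device detected")


def blank():
    return {"vid": None, "pid": None, "serial": None}


def storage_alerts(log_text, approved_serials=frozenset()):
    """Return one alert per mass-storage attach whose serial is not approved."""
    devices = {}  # (host, usb port) -> identity seen during enumeration
    alerts = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        host, msg = m["host"], m["msg"]
        if f := FOUND.match(msg):
            # A new device on this port replaces whatever was plugged in before.
            devices[(host, f["port"])] = {**blank(), "vid": f["vid"], "pid": f["pid"]}
        elif s := SERIAL.match(msg):
            devices.setdefault((host, s["port"]), blank())["serial"] = s["serial"]
        elif st := STORAGE.match(msg):
            dev = devices.get((host, st["port"]), blank())
            # A device with no serial can never match the allowlist, so it always alerts.
            if dev["serial"] not in approved_serials:
                alerts.append({"time": m["ts"], "host": host, "port": st["port"], **dev})
    return alerts


if __name__ == "__main__":
    for alert in storage_alerts(SAMPLE_LOG):
        print("ALERT removable storage attached:", alert)
```

The mouse on port 1-3 produces no alert because only the `usb-storage` driver binding is treated as a storage attach; the alert list is what would be mailed or shipped to a log collector.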