
Ask HN: How to prevent code leakage by employee(s)? - westoque
Given the recent code exposure of the company Bilibili[0], I wonder how people here do steps to avoid such things from happening.

[0]: https://technode.com/2019/04/23/bilibili-source-code-leaked-on-github-containing-usernames-and-passwords/
======
Gibbon1
The reality is mostly this is a legal issue not a technical one.

And 90% of the time source code itself is very much worthless to anyone
outside the company. By the general rule 90% of everything is crap.

The other 10% of the time, you need to block things like GitHub on work
networks and make it clear that employees will be canned if they are caught
copying sensitive info.

~~~
bifrost
You can solve some of the issues via technology but they can hinder your
employees. Basically you have to get people onboard so that you're working
towards a shared goal, and that doesn't happen a lot... Security management is
a real pain.

------
__d
If your concern is theft of proprietary source code by employees, there are
really only two things you can do:

1) Change to an open source model so there's nothing to steal

2) Treat your employees well, so there's no desire to steal

I've worked at companies who see this as a problem. They take a two-pronged
approach: removing opportunity, and enabling detection + punishment.

They filter and scan all Internet access, whitelisting only sites and services
that they trust not to have upload functionality (ie. no GitHub,
StackExchange, etc).

They disable or remove all removable storage from their PCs and OS images (no
CDs, no USBs, no Bluetooth, no Wifi. Desktops are thin clients logging into a
Citrix VM).

Phones, cameras, MP3 players, and any other electronics must be left in your
locker, and you're scanned (like at the airport) on your way into your office.

But there's nothing you can do about what's in people's heads.

Needless to say, these are horrible places to work. Aside from everything
else, it's an absolute productivity killer to have no access to the Internet
when coding.

Generally, there's no secret sauce anyway. Source code is only valuable in
aggregate, as an expensive and time-consuming thing to build. Stealing one
file or one function is typically worthless, which is lucky because it would
only take a few weeks to memorize and recreate it, a few lines at a time,
anyway.

------
bifrost
The easiest way is to use GitHub Enterprise. If that's too expensive, use
GitHub CE. Both can be run in AWS cheaply and securely, especially if you
require VPN access to your VPC.

~~~
westoque
Sorry if my response may sound naive, but can't anyone just clone/copy the code
in GitHub Enterprise and compress and release it anywhere if one wanted to?

~~~
bifrost
You could, but it'd be harder to do accidentally, which is where most of the
GitHub data breaches happen.

