
Ask HN: What do companies do to protect source code? - johnhkg
Yes, there are NDAs and legal agreements to discourage rogue employees from sharing source code in the public.<p>However, do they have specific processes to ensure that employees don&#x27;t have full source code on their machines &#x2F; laptops ?<p>I have read that some companies like Facebook and Google don&#x27;t allow employees to check out code on their laptops. Code is checked out on developer servers and employees connect to these to work.<p>We need a similar setup in our company, and are looking for pointers to how we could build one.<p>Are there are any products or open-source projects which help in this ?
======
kevinSuttle
No, your source code is not a "crown jewel" or a "trade secret". Without
people, infrastructure, environments, and keys, it's just a load of text
files.

This is a myth propagated by engineers who overvalue their work.

Also, Google only has 1 REPO, which everyone in the company has access to.
[http://www.wired.com/2015/09/google-2-billion-lines-
codeand-...](http://www.wired.com/2015/09/google-2-billion-lines-codeand-one-
place/)

I love this response as well: "Assuming you are using Git, that means every
developer you employ is running around with a complete repository history of
your source code on their laptop. They probably also have internal documents
regarding design, product management, etc. Many of them probably use a cloud
backup service like Mozy/Dropbox etc. I don't think Github is the weakest link
in this chain. That aside, source code is typically far from your most
valuable asset, especially if you're a SaaS offering like many startups. What
could a competitor do with your code, absent your people and your branding?
Even if it were, Github would probably be the least of your security
concerns."

[https://www.quora.com/Do-any-startups-use-GitHub-as-a-
reposi...](https://www.quora.com/Do-any-startups-use-GitHub-as-a-repository-
for-their-private-proprietary-code/answer/Joseph-Ruscio?srid=8yD&share=1)

