Hacker News new | past | comments | ask | show | jobs | submit login
Ask HN: Why aren't company code leaks prevalent?
3 points by iamwil on Oct 11, 2023 | hide | past | favorite | 5 comments
With everyone using a distributed source control like git, employees have a copy of the code locally on their laptops. Why aren't code leaks more prevalent?

For some businesses, it could be that the code is not most important, but the data.

Or maybe it's because legal ramifications deter developers to share private corporate code?

Or because a code base is continuously evolving, so it'll soon be outdated?

I've been looking at the historical accounts of adoption of Git, and one objection I don't see is that employees will have a copy of the code, and that might be a source of leaks for company secrets.

If you remember that era of git adoption (2008-2011 ish?) and you got a anecdote or theory, I'd love to hear it.




There is state-sanctioned industrial espionage happening to a number of Western companies manufacturing critical software. Some countries influence emigrants to steal corporate secrets (including code). They are instructed to download company data using whatever means possible. I know of a company that began isolating parts of the business located in those countries to minimize the risk of data exfiltration.

One theory I've hard as to why cloud development environments are becoming more popular is that it's easier to monitor nefarious activity in a cloud environment versus a work-issued computer. For example, flagging large downloads of entire repos to one's local network. These environments reduce the attack surface vector and make it easier to set up monitoring for the remaining surface.


1. Code for an enterprise stack is useless without the infra to run it.

2. There isn’t a ton of incentive to leak it. Companies have deep legal pockets making the downsides large.

3. Code alone is rarely the differentiating factor between two companies.

4. Open sources means that parts that are generic are already shared.


1. Only if we're talking about a big company being the source

2. How can a company prove that you were the one who leaked it? hell you can sell the code anonymously.

3. Unless the dev is a junior or sucks, he should have access to information about the strategic vision or the slides detailing this and other interesting info


they just need the algorithm, the rest is window dressing


Most industrial and other espionage is not done in public, Wikileaks was an aberration, a way to launder intelligence, hence those interested in the public good abandoning Julien around the time he got into word games about the different types of sexual assault.

People steal code to write exploits, not to create rival companies.

If you're trying to ratfuck someomeone, you're quiet about it until they're dead or in prison if you're doing it properly, and if it's for money, then you take your winnings and silently retreat, not throw what you stole onto github like you're gunning to be the next Paul Le Roux.

(There are chaotic good hackers with dark sides too -- it pains my heart I used to respect Julien, for I too enjoy crushing bastards. I wish him the best, but he refused to harm the ones harming America in ways that went from arguably rightful wanking against nuclear killers to... pure sadism and an ever present need for narcissistic supply in line with the types he claims to abhor.)




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: