保护代码免受其自身开发人员的攻击[英] Protection of code from its own developers

本文是小编为大家收集整理的关于保护代码免受其自身开发人员的攻击的处理/解决方法,可以参考本文帮助大家快速定位并解决问题,中文翻译不准确的可切换到English标签页查看源文。

问题描述

本文来自:IT宝库(https://www.itbaoku.cn)

也许保护公司知识产权免受其开发商的最明显方式似乎是NDA - 非披露协议.这种方法的有效性可能会有所不同,具体取决于许多因素,有时或某个地方可能无法正常工作.

除了这种纯合法的方法外,还有哪些其他方法可以保护软件代码免受开发的人的侵害?它们根本存在吗?在实践中是否有意义?

例如,例如,Visual Studio的团队版本已经包含与此问题相关的某些功能(例如,访问代码部分的级别,取决于开发团队内部的角色或类似的角色)?

主题引用:

正如统计信息所说,平均而言,程序员倾向于每三年更换一次.

推荐答案

尝试建立一个可以信任的团队.

其他推荐答案

第一种方法是强迫程序员只知道其他组件的接口,以便每个组件只能窃取整个软件的一小部分.这种方法可以从鞋类生产中借用.一个跨国公司为了防止员工偷窃,安排了其工厂,以便每个工厂仅生产左或仅右鞋子.您可以对代码做同样的事情:有些程序员只用奇数数字编写行,而另一些则用偶数数字编写.只要他们看不到彼此的工作!有时被称为" 配对编程.

一些组织迫使员工签署非竞争协议.这就是阻止程序员为竞争对手工作的一种协议.该技术最好与"在类似领域的5年经验的高级程序员"之类的工作发布.

.

为了防止程序员窃取,您一旦完成软件就会对他们造成伤害.该方法证明自己是最有效的,并且已经使用了几个世纪.例如,俄罗斯Tzar Ivan是建筑师的可怕眼睛,该建筑师在红色广场设计了一座美丽的教堂,因此设计的是有史以来最美丽的教堂.您可以对建筑师做这样的事情.我听说,最新的Visual Studio包含一些功能...

如今,雇用已经失明并且已经失去了双手的愚蠢的人,这样他们就无法查看您的代码来记住它,无法告诉任何人您的代码,也不能输入输入再一次.优势在于,这将帮助您与您所在国家/地区的劳工机构打交道,这会保持平衡,即您的员工没有受到歧视.

是的,这篇文章是一个讽刺的笑话,它批评了任何预防措施的想法.抱歉,忍不住要发布它.

其他推荐答案

您如何保护发电厂免受员工破坏性的侵害?您如何防止拳击手投掷战斗?您如何阻止妓院分发拍手?

您的关注虽然有效,但只能通过团队内的个人责任和问责制来正确解决.您采用的任何选择保护代码免受盗窃的方式可能弊大于利.如果您觉得团队成员不值得信赖,请摆脱它们.

本文地址:https://www.itbaoku.cn/post/1537574.html

问题描述

Perhaps the most obvious way of protecting a company's intellectual property from its own developers seems to be an NDA - Non Disclosure Agreement. Effectiveness of this approach may vary, depending on many factors, and sometimes or somewhere it may not work as expected.

What other approaches, apart from this purely legal one, exist for protecting software code from the people who develop it? Do they exist at all? Does it make sense in practice?

Maybe, for example, Team Edition of Visual Studio already contains some features related to this problem (for example, levels of access to parts of code, depending of role inside a development team or something like that)?

Reference on the topic:

As statistics says, on average, programmers tend to change their job every three - four years.

推荐答案

Try to build a team you can trust.

其他推荐答案

The first approach is to force programmers to only know interfaces of other components, so that each one can only steal a small part of the whole software. This approach can be borrowed from footwear production. One transnational corporation, to prevent stealing by employees, arranged its factories so that each factory produced only left or only right shoes. You could do the same with your code: some programmers only write lines with odd numbers, and the others--those with even numbers; provided that they can't see the work of each other! That's sometimes referred to as "pair programming".

Some organizations force employees to sign a non-compete agreement. That's the kind of agreement that prevents programmers to work for competitors. This technique is best combined with job postings like "Looking for senior programmer with 5 years of experience in the similar field".

To prevent your programmers from stealing, you can do harm to them as soon as they finish the software. The method proved itself as the most efficient, and has been used for centuries. For example, Russian Tzar Ivan The Terrible burned eyes of the architect that designed a beautiful church at the Red Square, so the one designed remains the most beautiful ever. You can do something like this to your architect. I heard, latest Visual Studio contains some features...

Nowadays, however, it's more humanistic to hire already blind and already dumb people that lost their hands, so that they can't look at your code to memorize it, can't tell anyone about your code and can't type it again. The advantage is that this will help you dealing with labor agency in your country, which watches for balance that your employees are not discriminated.

And yes, this post is a sarcastic joke, which criticizes the idea of any code-stealing-prevention measures. Sorry, couldn't help posting it.

其他推荐答案

How do you protect a power plant from sabotage by an employee? How do you prevent a boxer from throwing the fight? How do you prevent a brothel from distributing the clap?

Your concern, while valid, is one that can only be properly addressed by personal responsibility and accountability within your team. Any options you employ to secure the code against theft is likely do more harm than good. If you feel a team member is not trustworthy, get rid of them.