Hi everybody
I'm starting a .NET project and my developers have their own laptops. How can I prevent the developers from taking the source with them out of the company?
Edit:
Can I setup Team Foundation Server in such a manner that every uer have only access to some source code files?
You can't... once you lose physical control you've lost the battle to keep information safe.
You really can't do anything about that. Source code is after all just plain text and nothing will prevent them from copying it over. Likely the only option you really have is legal venues for ensuring your source is not abused.
I would imagine such an effort would be futile. Best to pursue this legally.
You can't.
If people have access to any of the internet, email, instant messenger, USB ports, networked laptops, then it's impossible to prevent them taking the source by physical means. And no developer worth their salt will agree to work without those things.
All you can do is ask them to sign an NDA which means they can't disclose the code publicly (though of course it can still 'leak' anonymously) and trust them to do the right thing. After all, you're trusting them to build your product.
Can I setup Team Foundation Server in such a manner that every uer have only access to some source code files?
The best way to prevent developers is to either have:
Source code control that locks files at check-out and that a user can't checkout a whole project
Great developers that are of high moral fiber (with great working conditions)
It's just a shame that the first option is counter productive (as they can't build the system for themselves to smoke test) and the second option is impossible for some companies.
By not letting them use their laptops at work, and don't have an internet connection, and don't let in/out any writable storage media of any kind (floppys, CDs, DVDs, memory sticks...).
I would rather go for some kind of source code protection policy to keep the source code from getting in the wrong hands, instead of implying that the developers are the wrong hands...
Short Answer You can't
Long answer - gain some trust, not everyone is out to get you or your IP. I've seen companies flatter themselves over IP that frankly has little to no resale value on the open market. Not saying this is your case, but yeah, have a little respect for the developers.
You could consider some virtual development enviroments. This way the files never leave the company servers.
Everything you do to try and stop developers walking off with the source code is going to do nothing but slow your development team down. Don't waste your time. If you don't trust your developers then hire new ones you can trust.
I'm currently working in a company that is trying to do something similar. We used to be fairly lax (maybe too much so) with access to our source code until we were bought out a couple of months ago. Now we have to jump through all sorts of hoops to get at the code and all it has done is slow us down development wise. The code is actually less safe now because we were denied access to our VPN from home in case we 'stole the code'. The result? - we now all carry the entire trunk around in USB keys in our pockets so that we can actually do our job at home and on-site. The code can now be left accidentally on a train, a taxi, or on the desk in plain view of our competitors working at the same site. Ridiculous.
This is actually the first company I have worked for where the code has some real commercial value. I could easily sell it to a competitor for 50k or so if I felt like it. I wont, and neither will any of my colleagues. Our honesty is the only real protection my company has for its source code, everything else they try to implement just annoys the developers - who may then think about jumping ship to the competition, which would be a disaster for the company even without us taking the source code.
You can prevent your developers from bringing the source code home only be closing access to it. So that nobody can work on your project.
This is going to be ridiculous environment: no trust in a team. The worst thing that can be.
But this is valid concern to protect your Intellectual Property. The most common thing is to just sign an NDA.
So:
Cheers.
Trust your team or fire them. If you can't trust your team then I would give up trying to produce software with them.
I often take source code with me home If I think I'll need to use it again some day.
I have a nice library of code snippits that I take with me from job to job so don't be supprised if those same developers bring code to your company that they've written elsewhere and save you time by doing that.
Keep in mind that I only keep code that won't violate IP. I'm talking about basic routines, nothing ground breaking.
To answer your question, you can try an approach that Microsoft takes with its windows kernel developers.
Sit them down on work stations that are disconnected from the internet, no email allowed and screen them for portable storage devices when they leave work :-)
The most effective way to achieve this is as follows:
Fire everyone.
Shut down the business.
Seriously. This is the 21st Century, and digital technology is pervasive. Source code is the simplest form of information to move around: ASCII text files. And are you seriously going to tell me that developers stop talking shop when they go home? I know I don't. I'm mulling over problems, algorithms, requirements, deadlines, and all that other whatnot. Do I share it with competitors? Hell no.
But my point is that intellectual property isn't at risk just because we've stepped away from our keyboards. Preventing the theft or distribution of software is a futile effort; you might as well shove gags down everyone's throats while you're at it.
Whoever is behind this idea needs to seriously rethink what it is that they're trying to achieve here. The more barriers you erect between a developer and the tools he needs to get his work done, the longer it will take him to deliver the product. Time to market is everything these days, especially in this economy. And no manager who wants to keep his job wants to be the guy who has to explain that the product is X months late because he erected insurmountable obstacles that prevented his teams from getting their work done.