I might propose migrating away from VSS due to its inability to grant and deny permissions at the file level. The question is what source control systems allow this.
Update I am marking the SVN answer as the "correct" one, since it had the most feedback. However, there is no correct answer. I will make my recommendations to management based on all your feedback.