Re: Source code security - rogue developers?

From: Jim Grimmett (cssjwg@bath.ac.uk)
Date: 06/13/02 

From: "Jim Grimmett" <cssjwg@bath.ac.uk>
Date: Thu, 13 Jun 2002 09:13:07 GMT

"Todd Knarr" <tknarr@silverglass.org> wrote:
>
> Basic problem: this sort of thing is only needed if you don't trust
> your employees, and if you don't trust them as a general matter then
> you have a much more major problem than just this. Think about what
> they _have_ to be able to do to the code to do their jobs, and what
> they could do in it. Frankly, if you have good reason to distrust
> them then they shouldn't be working for you, and if you don't have
> evidence already to justify not trusting them then this attitude of
> distrust will pretty much insure that they won't trust you ( which
> will make your mistrust a self-fulfilling prophecy soonish ).

It's an unfortunate fact that many software thefts and security problems
are caused by staff. Although you should trust your staff you should be
aware, and have procedures in place, for when this happens.

As many posters have pointed out, this is best solved by a combination
of effective personnel management and contractual restrictions.

It is _very_ hard to stop software getting out without filtering all emails
and physical searches - it's much easier to place possible financial
penalties on staff (ie, you'll sue them if they do it).

Mind you, you have to catch them and prove they did it...

Cheers, Jim Grimmett. 

--
Systems Manager,
Department of Computer Science, University of Bath.
Internal Tel: 3084 ; External Tel: (01225) 383084 ; Mobile: 07989 595399

Relevant Pages

  • I wouldnt trust them with my hamster: Whistle blower lifts the lid on wildly successful NHS trust
    ... Marks & Spencer on how their staff loved wearing theirs,' she says. ... South Essex Partnership Trust was awarded the top ... Its chief executive, Dr Patrick Geoghegan OBE, is a Government ... was to teach 'customer service' to ...
    (uk.politics.misc)
  • Re: I wouldnt trust them with my hamster: Whistle blower lifts the lid on wildly successful NHS tru
    ... Marks & Spencer on how their staff loved wearing theirs,' she says. ... South Essex Partnership Trust was awarded the top ... Its chief executive, Dr Patrick Geoghegan OBE, is a Government ... was to teach 'customer service' to ...
    (uk.politics.misc)
  • Re: Source code security - rogue developers?
    ... and if you don't trust them as a general matter then ... if you have good reason to distrust ... It's an unfortunate fact that many software thefts and security problems ... Although you should trust your staff you should be ...
    (comp.security.misc)
  • Re: Cannot login
    ... Are staff selecting the proper domain at logon? ... you may have a problem with your trust relationship or there is a firewall or something blocking traffic one way. ... Run dcdiag, netdiag and repadmin in verbose mode. ... joined either the domain member of "staff or "student". ...
    (microsoft.public.windows.server.active_directory)
  • Re: Sky News poll - War on Terror failing miserably
    ... I worked in the nhs and the management are not fit for purpose, ... In one hospital in n east the cost for mobile phone use (Staff only) was ... because the divvies in trust hq keep altering the headed address for no ... Training courses run by hq i.e. awareness for elderly gay patients!!!! ...
    (uk.legal)