Re: Source code security - rogue developers?

From: Jim Grimmett (cssjwg@bath.ac.uk)
Date: 06/13/02

Next message: knuj: "Re: Test - Please do not open."
Previous message: Sami Sihvonen: "Re: Need info from current security consultants"
In reply to: Todd Knarr: "Re: Source code security - rogue developers?"
Next in thread: : "Re: Source code security - rogue developers?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Jim Grimmett" <cssjwg@bath.ac.uk>
Date: Thu, 13 Jun 2002 09:13:07 GMT

"Todd Knarr" <tknarr@silverglass.org> wrote:
>
> Basic problem: this sort of thing is only needed if you don't trust
> your employees, and if you don't trust them as a general matter then
> you have a much more major problem than just this. Think about what
> they _have_ to be able to do to the code to do their jobs, and what
> they could do in it. Frankly, if you have good reason to distrust
> them then they shouldn't be working for you, and if you don't have
> evidence already to justify not trusting them then this attitude of
> distrust will pretty much insure that they won't trust you ( which
> will make your mistrust a self-fulfilling prophecy soonish ).

It's an unfortunate fact that many software thefts and security problems
are caused by staff. Although you should trust your staff you should be
aware, and have procedures in place, for when this happens.

As many posters have pointed out, this is best solved by a combination
of effective personnel management and contractual restrictions.

It is _very_ hard to stop software getting out without filtering all emails
and physical searches - it's much easier to place possible financial
penalties on staff (ie, you'll sue them if they do it).

Mind you, you have to catch them and prove they did it...

Cheers, Jim Grimmett.

--
Systems Manager,
Department of Computer Science, University of Bath.
Internal Tel: 3084 ; External Tel: (01225) 383084 ; Mobile: 07989 595399

Next message: knuj: "Re: Test - Please do not open."
Previous message: Sami Sihvonen: "Re: Need info from current security consultants"
In reply to: Todd Knarr: "Re: Source code security - rogue developers?"
Next in thread: : "Re: Source code security - rogue developers?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Cannot login
... Are staff selecting the proper domain at logon? ... you may have a problem with your trust relationship or there is a firewall or something blocking traffic one way. ... Run dcdiag, netdiag and repadmin in verbose mode. ... joined either the domain member of "staff or "student". ...
(microsoft.public.windows.server.active_directory)
Re: Sky News poll - War on Terror failing miserably
... I worked in the nhs and the management are not fit for purpose, ... In one hospital in n east the cost for mobile phone use (Staff only) was ... because the divvies in trust hq keep altering the headed address for no ... Training courses run by hq i.e. awareness for elderly gay patients!!!! ...
(uk.legal)
Here we go again---
... third of hospitals will have to close beds, sack staff or cut non-urgent treatment in the coming year, according to a British ... The poll revealed that three quarters of health trust directors admit to funding problems. ... The BMA first raised concerns about funding shortfalls in the NHS in a letter to Health Secretary Patrician Hewitt in August. ...
(soc.men)
Re: Very disturbing... someone please tell me this is unlawful....
... the same condition is a recipe for disaster and IMO the NHS is quite ... He sees his GP (primary care trust, ... ambulance to A&E (Hospitals Trust) where he's seen by a ... Many of those staff will have different methods of treatment, ...
(uk.legal)
Re: Chapter Twenty-Six of The Vondish Ambassador now online
... They don't trust anyone else enough to do that. ... they might _make_ some administrative staff; ... Would a wizard trust servants created by another wizard? ... Which is why it would be amusing. ...
(rec.arts.sf.written)