How to Avoid Developers Stealing Your Code: Code Security
Introduction
Are you afraid of developers launching your product as their own after having stolen your code?
Last week I stumbled upon a Facebook comment where someone was about to begin working with a team of remote software developers. He was however concerned about the safety of his codebase and their business and he wanted to know what measures he could take to protect his codebase.
I’ve been privileged to work with more than 300 companies over the past 10 years, helping them build and scale their software with the help of some amazing remote development teams and tech leads.
Why You Should Not Worry
Building software is one thing, but bringing a product to market successfully is a different beast. Anyone who runs a SaaS today knows that there is much more to a successful business than the actual codebase.
To build a successful SaaS business, you need market share insights, audience research, SaaS marketing, and more. Software developers and software houses do not have the knowledge needed to launch a product in your market or industry and that is the first reason why it rarely happens.
The second reason is the codebase itself.
Today most software, especially most SaaS, is not that complicated. If you want to know how a product works, you can simply create an account and look at the functionality; anyone can send a link to the software or app to a developer and ask them to build a similar tool.
Unless your software contains proprietary code (a special algorithm that is unique to your software, something that cannot be replicated just by looking at the product), there is no need to worry about developers stealing your codebase.
For companies that do have a secret algorithm or piece of code that they consider their ‘secret sauce’, you can simply take it out of the main codebase and publish it as a separate microservice: the rest of the team consumes it through its interface, while its source stays in a repository that only you control.
How to Work With Remote Teams and Build Trust
Outsourcing your software development needs today is becoming one of the most efficient ways for companies to build and scale their software.
That said, you shouldn’t limit people’s access to code or do anything else that will hurt the productivity of the developers working on your software. Remember, any working relationship only succeeds by building trust.
When working with a remote software developer, an engineering team, or a software house, make sure you give everyone everything they need to be productive while retaining access and ‘admin’ rights to everything.
So What Are the Risks Involved?
The biggest risk is to be held ‘hostage’ by a developer or development team.
Again, this very rarely happens, but I’ve heard of cases where a developer or software house decides to hold your codebase or server hostage over a payment dispute, for example. How is this possible?
Development teams can for instance lock you out of your GitHub account or take control of the server until certain terms are met. They can threaten to shut down your software or even delete it.
Steps You Can Take to Protect Your Codebase
The first step is to always have access to your codebase. Having access to your codebase is a critical first step in protecting your SaaS idea and its implementation. It enables you to maintain control, ensure security, and provide operational flexibility.
Next, make sure you own the domain, and give everybody read and write access to everything, but do not allow anyone to delete anything. Ensuring you own the domain for your SaaS product is crucial. It establishes your brand’s online presence and prevents others from impersonating your service.
So now you hold the master keys and this way, people can work productively and you don’t have to worry about who has access to what because only you can delete files.
This way, in case of anything, you can quickly lock everybody out, and worst case if something does happen to be deleted, you can restore the server from the codebase and the backups and bring everything back online.
Apply the same rule to the backup files: everyone else gets read and write access, but only you can delete them.
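The ‘master keys’ rule above (everyone gets read and write, only you can delete, and backups follow the same rule) is easy to state and easy to drift away from as agencies come and go. The following audit script is an added example, not code from the original post or from Trustshoring: it checks a repository’s collaborator list and branch protection rules against that policy. The sample data is constructed and only shaped like the GitHub REST API responses for the collaborators and branch-protection endpoints (the field names relied on are an assumption; in practice you would fetch the live data with the GitHub CLI or an API client and feed it to the same functions). The owner login `founder` and the collaborator names are placeholders.

```python
"""Audit a repository against the 'master keys' policy from the post:
the owner is the only admin (the only role that can delete the repository
or remove the owner), everyone else has write but not admin, and every
branch is protected so it cannot be deleted or force-pushed away.
"""

from dataclasses import dataclass

OWNER = "founder"  # the account that should hold the master keys (placeholder)

# Constructed sample: shaped like GET /repos/{owner}/{repo}/collaborators
SAMPLE_COLLABORATORS = [
    {"login": "founder",    "permissions": {"admin": True,  "push": True,  "pull": True}},
    {"login": "dev-alice",  "permissions": {"admin": False, "push": True,  "pull": True}},
    {"login": "agency-bot", "permissions": {"admin": True,  "push": True,  "pull": True}},
    {"login": "dev-bob",    "permissions": {"admin": False, "push": False, "pull": True}},
]

# Constructed sample: all branches in the repository
SAMPLE_BRANCHES = ["main", "release", "feature/x"]

# Constructed sample: shaped like GET /repos/{owner}/{repo}/branches/{branch}/protection,
# keyed by branch name; branches without a protection rule are simply absent
SAMPLE_PROTECTION = {
    "main":    {"allow_deletions": {"enabled": True},  "allow_force_pushes": {"enabled": False}},
    "release": {"allow_deletions": {"enabled": False}, "allow_force_pushes": {"enabled": True}},
}


@dataclass
class Finding:
    severity: str   # "high", "medium" or "low"
    subject: str    # login or branch name the finding is about
    message: str


def audit_collaborators(collaborators, owner=OWNER):
    """Flag anyone besides the owner who holds admin, and confirm the owner does."""
    findings = []
    owner_seen = False
    for c in collaborators:
        perms = c.get("permissions", {})
        if c["login"] == owner:
            owner_seen = True
            if not perms.get("admin"):
                findings.append(Finding("high", owner, "owner is not admin: you do not hold the master keys"))
            continue
        if perms.get("admin"):
            findings.append(Finding("high", c["login"], "non-owner has admin: can delete the repository or remove you"))
        elif not perms.get("push"):
            # Not a security problem, but the post's point is not to block productivity
            findings.append(Finding("low", c["login"], "read-only: cannot contribute, consider granting write"))
    if not owner_seen:
        findings.append(Finding("high", owner, "owner is not a collaborator on this repository"))
    return findings


def audit_branches(branches, protection):
    """Flag branches that can be deleted or force-pushed by anyone with write access."""
    findings = []
    for branch in branches:
        rules = protection.get(branch)
        if rules is None:
            findings.append(Finding("medium", branch, "no protection rule: anyone with write can delete it"))
            continue
        if rules.get("allow_deletions", {}).get("enabled"):
            findings.append(Finding("high", branch, "protection allows deletion"))
        if rules.get("allow_force_pushes", {}).get("enabled"):
            findings.append(Finding("medium", branch, "protection allows force-push, history can be rewritten"))
    return findings


def audit(collaborators, branches, protection, owner=OWNER):
    """Run both checks and return the combined list of findings (empty means compliant)."""
    return audit_collaborators(collaborators, owner) + audit_branches(branches, protection)


if __name__ == "__main__":
    for f in audit(SAMPLE_COLLABORATORS, SAMPLE_BRANCHES, SAMPLE_PROTECTION):
        print(f"[{f.severity}] {f.subject}: {f.message}")
```

The branch check is there because ‘write’ on GitHub is not the same as ‘cannot delete anything’: a collaborator with write access can delete or force-push any branch that has no protection rule, and only repository deletion is reserved for admins. Run the same two checks against the repositories that hold your infrastructure code and your backup tooling, since the policy in the post applies to those as well.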
How Can You Keep Your Dev Teams Accountable?
If you do not have technical knowledge, I recommend working with a Fractional CTO who is independent of the development team.
A Fractional CTO can work with you on making sure that you have secure access to everything you own, and create a backup plan or a contingency plan in case anything ever goes wrong and you can quickly bring everything back online.
This will prevent you from being held hostage by anybody while still giving everyone who is working on your software or app the access they need to work productively.
They’ll be able to advise you on all things product development, scope out plans and roadmaps, help you keep your developers accountable, choose the right technologies for your product, handle code reviews, and more.
Intellectual Property and Contracts
Finally, you should also look into the contracts you’re signing with your developers, the development team, or the software house. Obviously, after the work is completed, the Intellectual Property (IP) has to be transferred to you.
It’s important to note that you are not really going to be able to enforce any penalties if something goes wrong, especially across borders. It is still important to have the right clauses in place, because investors or a potential buyer will do due diligence on this contract.
They will look to make sure that the entire IP is transferred to you; otherwise it could be a complete deal breaker. I’ve seen instances where, during an acquisition, the seller had to go back to various agencies or developers they had used years ago and sign another agreement with them just for the IP transfer.
While all of that eventually went well and nobody had issues with it, the potential for conflict or ransom is high, and you may simply be unable to find the developer who worked on your software years ago. So make sure you own your IP, and have a look at the jurisdiction.
Remember, the IP transfer will be different depending on the jurisdiction governing the contract, whether it is a US-based contract, European law, or UK law.
You might need to grant an exclusive irrevocable license instead. I’m not a lawyer and cannot offer legal advice, but it’s something to look into: check with your lawyers and make sure you own everything on paper. While it doesn’t give you much in terms of enforcing things internationally, you do need to have everything in place in order to sell or get investment.
There you have it! If you’ve got any questions about your codebase, or you’re wondering how you can hire developers or work with a Fractional CTO, get in touch with us today! We’d be happy to help!
Victor Purolnik
Trustshoring Founder
Author, speaker, and podcast host with 10 years of experience building and managing remote product teams. Graduated in computer science and engineering management. Has helped over 300 startups and scaleups launch, raise, scale, and exit.