I saw this in an article today on Bloomerberg:
July 7 (Bloomberg) — Goldman Sachs Group Inc. may lose its investment in a proprietary trading code and millions of dollars from increased competition if software allegedly stolen by a former employee gets into the wrong hands, a prosecutor said.
Full details of the theft were not disclosed, but the article indicates that the person suspected of the theft was an internal employee involved in the upgrading the trading platform:
Aleynikov worked at Goldman from 2007 until June, the government said in the complaint. He was part of a team of workers responsible for improving the computer platform. His alleged transfer of computer codes ran from June 1 to June 5, according to prosecutors.
There are multiple vendors that offer solutions for the obfuscation of source code to protect from theft and other application hardening solutions that protect the code once it is installed and running (for example, detecting tampering and debugging attempts and initiating specific responses, including destruction of the code). These solutions protect from insider and external attack. Vendors include Arxan, Cloakware, PreEmptive, V.i. Laboratories and others. We have researched and advised clients on these vendors and solutions for years.
The Goldman Sachs theft is a reminder that almost every modern organization has some of their IP embedded in software which is subject to attack and theft. Like all security decisions, there must be a discussion of the cost/risk/benefit tradeoffs. However, if your Intellectual Property is worth millions, then some amount of extra protection makes sense including additional controls on source code in the development process.