I saw this in an article today on Bloomberg:
July 7 (Bloomberg) — Goldman Sachs Group Inc. may lose its investment in a proprietary trading code and millions of dollars from increased competition if software allegedly stolen by a former employee gets into the wrong hands, a prosecutor said.
Full details of the theft were not disclosed, but the article indicates that the person suspected of the theft was an internal employee involved in upgrading the trading platform:
Aleynikov worked at Goldman from 2007 until June, the government said in the complaint. He was part of a team of workers responsible for improving the computer platform. His alleged transfer of computer codes ran from June 1 to June 5, according to prosecutors.
Multiple vendors offer solutions that obfuscate source code to protect it from theft, as well as application hardening solutions that protect the code once it is installed and running (for example, detecting tampering and debugging attempts and initiating specific responses, including destruction of the code). These solutions protect against both insider and external attack. Vendors include Arxan, Cloakware, PreEmptive, V.i. Laboratories and others. We have researched and advised clients on these vendors and solutions for years.
The Goldman Sachs theft is a reminder that almost every modern organization has some of its IP embedded in software that is subject to attack and theft. Like all security decisions, there must be a discussion of the cost/risk/benefit tradeoffs. However, if your intellectual property is worth millions, then some amount of extra protection makes sense, including additional controls on source code in the development process.
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.