I had a discussion with a client today looking to protect sensitive intellectual property in their source code. I discussed two primary areas of risk: 1) that the developers (some of whom were offshored) might take the code and 2) that once the code was distributed to customers, it might be reverse engineered or copied.
Addressing the first set of risks should start with policy – for example, a non-disclosure agreement. Technical controls such as running developer sessions from a hosted virtual desktop are also possible.
To address the second risk, an entire ecosystem of vendors offers solutions for the obfuscation of source code, tamper resistance and tamper detection. These are covered in the latest Gartner hype cycle for application security, which we just published for clients, under a dot labeled “code obfuscation”.
The second risk is especially real given the shift to managed code and platforms such as Java and .NET, which are much more easily reverse engineered.
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.