I wonder how companies protect their source code from leaking. Doesn't every programmer have access to the full source tree? Any disgruntled former programmer employee ought to be able to dump the source of a product for the public to see.
Companies like Microsoft and Google employ several hundred interns each summer... college students with little commitment to the company and access to the source code of real products. Kids! Yet it's not considered a problem.
> I wonder how companies protect their source code from leaking
The prospect of being bankrupted by a civil suit or thrown in prison is enough to stop most people.
> The prospect of being bankrupted by a civil suit or thrown in prison is enough to stop most people.
Yes, but... if you're good enough to be hired by these companies, leaking source code without being traced isn't going to be hard for you. I've thought about this before and I'm actually surprised it doesn't happen more often.
If you're working at these companies you also know they have lots of people like you who will be working to track down any trace of who leaked the code. Are you willing to risk going to prison then being legally banned from touching a PC when you get out?
Also, you have little to gain from doing it even if you don't get caught. It's probably much more cathartic to blast them in a blog post than it is to anonymously release source code of an outdated/discontinued product. Especially since source is only readable to x people and a blog is readable to y. With X<<y.
Back in 1989, some similarly "idealistic" folk released portions of Apple source code. At the time everyone wondered if this would be the end of Apples strategic advantage. The froup called itself Nu Prometheus and while they never released any other source the excesses that Apple took to (unsuccessfully?) track them down led almost directly to the creation of the EFF.
Not sure who wrote this but it seems fairly accurate to my memory of those days:
The reality though is that such source code is hardly ever a requirement to understanding or reverse engineering the underlying algorithm, and is likely already obsolete by the time it becomes public.
I've learned that this issue has a name: Data Loss Prevention. Indeed, companies may have data more sensitive of source code (customers' credit cards numbers, financial or medical information, etc.)
I met with the CEO of a small software company a few weeks ago and we discussed this. Operational security is a topic I've long been curious how software companies deal with. They have just thirty programming staff, so the operations are different from MS or other firms. He told me only three (very trusted and long-serving) staff have full access to the entire source code.
