I met with the CEO of a small software company a few weeks ago and we discussed this. Operational security is a topic I've long been curious how software companies deal with. They have just thirty programming staff, so the operations are different from MS or other firms. He told me only three (very trusted and long-serving) staff have full access to the entire source code.