Prevent The Loss Of Ip Through Code Sharing Sites

By Author: Lauren Ellis
Total Articles: 35
Comment this article

Everybody has IP in their code now
Coding is not just for software companies anymore. Companies in every industry – financial services, transportation, media, manufacturing, healthcare – all rely heavily on developers to create internal software that keeps their businesses running and provides an advantage over the competition. Much of the code developed is proprietary, but companies are increasingly leveraging open source code to support their development.

Don’t get me wrong – the open source movement is great and is here to stay (sharing is caring?). That being said, there are some hidden risks people need to know about in order to use open source code without endangering their organization’s intellectual property. One risk is that you may be downloading malware and implementing it into your code, but this article examines the other side of the issue – code that is uploaded and the risk of IP loss in doing so.

Risky T’s & C’s
Popular Cloud Security services for sharing open source code include GitHub, SourceForge, and ...
... Codehaus among many others. Most developers understand that, based on the terms and conditions of these sites, when they contribute code to an open source project, that code can become open source itself and that if the code is proprietary to their organization, their organization has lost exclusive legal rights to that code. Nonetheless, it happens and it happens a lot.

Enterprises block the wrong services
In our recent Cloud Adoption and Risk Report, we found that, similar to patterns found around file sharing services, enterprises are blocking the IT development services they are most familiar with, not the services that present the most risk. For example, GitHub, a popular open source development site is blocked 21% of the time, however Codehaus, a much riskier open source development site, is blocked only 1% of the time.

How to leverage open source safely
The key to leveraging open source safely is not “just block it”. Rather, you should take a measured approach. First, you need to understand which code sharing services your developers are currently using. Then, leverage a Cloud Security service registry to identify the best low-risk services, and promote the use of those rather than the high-risk alternatives. Next, look for directionality to identify data that is uploaded rather than downloaded. In doing so you’ll minimize the risk of IP loss and ensure that your code remains your code. Finally, make sure you’re managing use and receive alerts when an anomalous occurrence, such as a large upload, occurs.

Author :
Lauren Ellis is a research analyst covering the technology industry’s top trends & topics, focusing on Cloud Security, Cloud Computing, Data Loss Prevention etc.,