This story is written in collaboration with the founders of GitStorage , manufacturers of on-premise source code security and collaboration devices.
These are the days when many people have found out there is a lot of value in digital currencies. However, now that there have already been several meltdowns with coins getting stolen, users are being a lot more careful, storing their coins in digital wallets. Source code contains similar values, sometimes more. Software companies get acquired for jaw dropping deal prices; a big part of the value is their source code. Just as jaw dropping is the discrepancy between what people do to protect their cash, digital or old school, and what they do to protect their source code.
Storing the code in the cloud is a convenient way to address the problem. But with the rash of security breaches seen lately with millions being compromised by the largest companies, everyone has at least a shred of reasonable doubt as to whether their intellectual property is really safe and secure. Large hosting sites that manage many repositories are especially a huge target for all sorts of hackers, private and institutional or even governmental. For many, keeping source code private is more of a side business than their primary goal after all.
Hackers can think out of the box. Would they hire an attractive girl to have a young system administrator leak out a backup or two? Or would they try to exploit vulnerabilities? Maybe the hosting companies are using shared hardware, where CPU bugs can reveal information outside of the virtualization container? Or just send an old school spy into the company to get the job done. He would even get paid for it: it is so hard to find good system administrators these days. Who checks this? The FBI? The management? Everybody is very busy. Chances are we’ll never know.
Setting up your own server is a solution but comes with its challenges. Installing and maintaining a server is not a trivial task anymore. Those who have tried it found it is easy to accidentally expose all your source code. Seemingly small glitches in the configuration may already make code accessible to the public without users even being aware of it. And while the LAN generally provides some sort of coziness, it can actually be as wild as the public internet. Every PC, every cell phone, every device may contain that free software that serves as an inroad into the local network, and serves as a hub for hackers taking a look around.
The difference between stealing let’s say cash and source code is that you know when your cash is stolen; it’s gone. But when someone steals your source code, they usually don’t leave any traces behind; it’s still where you stored it. You might find out later though that your competitors know too much about your products, or that backdoors have been opened into your products. Finding statistics about how big the risk is has not really been documented, so it is very hard to say how many times code has been stolen.
If you’ve ever wondered why your competition from a far away country releases features that you are still working on, or someone writes about a software bug that you were not even aware of, it is time to ask yourself if your code could have gotten into the wrong hands. If your competitors are super aggressive in sales, maybe they are super aggressive in collecting information too. It might even look like an ethical thing to do if they hire companies to get information, just like one might hire a private investigator to collect intelligence about your competitors. Let someone else do the dirty work. Who cares if they go a step too far.
We will probably never know for sure if we were victims in such industry espionage. Maybe our competitors were just working harder. What we can do though is protect future projects by lowering the risk of getting hacked. This is why we started the gitstorage project: Make sure whatever we do next will stay with us. Physically store and encrypt the data on one device where nothing else is running that could cause leaks, backup the data to the cloud encrypted, and only our own system administrator has server access. We know the people who we trust.
Even if we use the device just for ourselves, the project is already a success. We are sure there are other companies out there that want to keep their code for themselves as well with a device like this.
Thank you for reading this article. If you are interested in learning more about the product visit gitstorage.com. You can also chat with the development team by emailing to firstname.lastname@example.org or calling +1–617–399–8179.