How To Protect Your Code From Being Stolen


Software source code is as valuable to a software company as a blueprint design is to a manufacturing firm. The use of copyright and other legal methods to protect valuable intellectual property (IP) is fundamental. These methods form the framework for the protection of the very heart of your organization – your product source code.

Legal structures of protection are important for building strong disincentives to source code theft. These disincentives are especially important when considering insider threats. But these frameworks also act as vital evidence if the worst happens and you end up in a court dispute over source code ownership.

A Case of Disputed Ownership

The infamous Cisco – Huawei dispute is a case of disputed ownership that cost both sides of the argument. Back in 2003, Cisco served a patent infringement order against Huawei. The dispute was over Cisco’s router software: Cisco suggested that Huawei had used parts of Cisco code in its own products. The dispute was settled after Huawei agreed to change its products, thus removing the features associated with the Cisco code.

The Cisco-Huawei dispute rumbled on into 2012, with Cisco still standing by their position that Huawei stole source code.

No company wants to end up in a dispute over precious intellectual property. The result is a long and costly court case that saps the life out of a firm. This can be a particular issue for smaller companies who have little bandwidth to take part in lengthy court cases.

To prevent the theft of source code in the first place or to protect yourself, post-theft, you should look to three key areas.

Three Areas to Cover When Protecting Source Code

Area 1: Establish Who Owns Your Code

Establishing who owns your code does seem pretty obvious – doesn’t it? However, we work in a world where software development outsourcing is on a general upward trend and companies spend multiple millions on it.

The use of open source can also add complexity to the question of ‘who owns the code’.

A culture of ownership can also pervade the mindset of individual developers.

These areas are important to consider when establishing what the legal and company expectations are around code ownership.

Create maps of your code where ownership issues may arise. Look at the legal and contractual areas that can help tie them down.

Area 2: Legal Structures

Following on from the establishment of code ownership are the legal structures to strengthen enforcement of code ownership:

Copyright: When you think about copyright you probably have in mind the protection of written works, like books or song lyrics. However, copyright protection can also be applied to your source code.

Generally, copyright is automatically assigned to the individual who creates the work: a songwriter, the author of a book, the engineer who created the source code. An exception is exemplified by “Works Made for Hire” in Section 101 of the U.S. Copyright Act. This allows an employer to claim copyright of source code (or other work). It is not as straightforward as it seems, however. A strong legal contract needs to be created to accommodate all of the variants of ‘employee’, including those in outsourced agencies, freelancers, and consultants.

Copyright, once established, is upheld under International Law. After you have the legal contracts in place to assign copyright, it is worth looking at the registration of copyright. If applicable, you should spend the time and money to have your company copyright officially registered.

Patent Law: Patent protection is another level down from copyright law and can be useful in protecting the ideas and inventions the source code represents. Achieving patent status is a very different process from copyright. Whereas copyright can be automatic once the right contract is in place, patent applications can be lengthy and costly. The average time to a patent being granted is between 32 months and 3 years from submission.

Patents are not about protecting the underlying code, but about protecting your idea or invention. Because a patent protects your software product, it also, by extension, protects the underlying code itself. Once you have the patent, if it is infringed, you can sue the company or individual infringing your product or idea. However, the court costs to prove patent infringement may be prohibitive.

Area 3: Employment Contracts

Source code protection begins at the contract stage. You need to have a robust contract with the terms of “works made for hire” or similar, set out clearly, to establish copyright ownership. However, you may also need further protection in the form of a Non-Disclosure Agreement or clause (NDA).

An NDA is a contract in its own right. It is a way to protect confidential information from being leaked. An NDA in an employment contract is typically ‘unilateral’. It will set out the expectations around confidentiality of the source code created by that individual and as part of your overall development effort. It may also contain penalties for source code disclosure to third parties. Typically, clauses in a source code NDA include:

  1. Setting out the confidential nature of the source code and related designs
  2. Express provision for non-disclosure of source code
  3. Restricted use of the source code in any other context (e.g. in the programmer’s own repository)
  4. Non-transfer clause
  5. Return/delete clause on termination of a contract
  6. Jurisdiction – always relate back to the jurisdiction of the country you would take a dispute to

An example of an NDA which relates to source code can be seen at Wingware Python IDE.

Other Considerations in Source Code Protection

As well as the three fundamental areas above there are other considerations in protecting source code:

Document everything: If you do end up in court in a copyright or ownership dispute you will need evidence to back up your claims. Keep a secure repository of designs, module architecture, code snippets, even email conversations.

Trademark your software: Your source code is just part of the overall product. Protecting all aspects of your application will ultimately help in protecting the underlying code. Trademark any aspect of your invention as appropriate.

Check your developers: Do background checks on your developers and outsourcing company. Ask for references from previous clients/employers. You are handing over the most precious of company resources, so you need to be working with trustworthy people.

Secure Code Starts with Legal Leg Work

It is so easy for your precious code and IP to end up in a competitor’s environment, as Cisco found out. Taking the security of source code seriously is vital to maintaining your competitive edge. Taking steps to protect your source code starts at the contract stage. Using our three areas above as a starting point can help your company to put the right structures in place. You can then have peace of mind, knowing you have done everything legally to ensure your source code is not stolen.

