Source Code Protection

Source code protection is the practice of securing system files and program and application source code against unauthorized access or modification.

Protecting source code and system files is one of the most important controls, since unauthorized access or modification can lead to, among other things, theft of intellectual capital or back-door access to sensitive data.

Examples of source code controls include, but are not limited to:
  • Vendor software is maintained at a level that is supported by the vendor or supplier (e.g. patches or upgrades to ensure it is free of vulnerabilities)
  • Changes to source code, applications or system files are audited, logged and authorized by management
  • Production systems do not contain development code
  • Application versions are maintained and archived
  • Access is limited to roles responsible for development source code control
  • Source code is communicated and transported over secure channels (such as secure FTP, SSH, etc.)

Source code repositories should be used to store source code securely, to ensure only authorized access, and to provide version change control. Developer teams can use the repositories to check code in and out while keeping track of versions during the different phases of application development. Such repositories should also be treated as highly sensitive and carefully controlled, similar to other production systems.

Finally, system files should also be monitored and secured, since misconfigured files can allow unauthorized access to applications or systems, which can lead to a wide range of issues resulting in loss of confidentiality, integrity and availability of data.

Topic Category
Application Security
News Articles
Open-source developers targeted in sophisticated malware attack (www.computerworld.com, 3/30/2017)
Facebook Creates Authentication Feature for GitHub Account Recovery (www.tripwire.com, 1/31/2017)
Vulnerability in embedded Web server exposes millions of routers to hacking (www.computerworld.com, 12/19/2014)
Wall Street traders charged with stealing company code via
Several Flaws Discovered in ZRTPCPP Library Used in Secure Phone Apps (www.computerworld.com, 6/30/2013)
AMI PC firmware upgrade scare: The global security meltdown that wasn'
AMI Firmware Source Code, Private Key Leaked (threatpost.com, 4/5/2013)
VMWare Source Code Leak Follows Alleged Hack of Chinese Defense Contractor (www.wired.com, 4/25/2012)
Brit student locked up for Facebook source code
Symantec admits stolen source code impacts pcAnywhere (www.scmagazine.com, 1/25/2012)
Man charged with stealing NY Fed Reserve Bank source code (news.cnet.com, 1/18/2012)
Hackers Get Symantec Anti-Virus Source Code (www.wired.com, 1/6/2012)