Source Code Protection

Overview
Source code protection is the practice of securing system files, program and application source code from unauthorized access or modification.

Guidelines
Source code and system file protection is one of the most important controls, since unauthorized access or modification can lead to, among other things, theft of intellectual capital or back-door access to sensitive data.

Examples of source code controls include, but are not limited to:
  • Vendor software is maintained at a level that is supported by the vendor or supplier (e.g. patches or upgrades to ensure it is free of vulnerabilities)
  • Changes to source code, applications or system files are audited, logged and authorized by management
  • Production systems do not contain development code
  • Application versions are maintained and archived
  • Access is limited to roles responsible for development source code control
  • Communication and transport of source code use secure channels (such as secure FTP, SSH, etc.)

Source code repositories should be used to store source code securely, to ensure only authorized access, and to provide version change control. Developer teams can use the repositories to check code in and out while keeping track of versions during the different phases of application development. Such repositories should also be treated as highly sensitive and should be carefully controlled, similar to other production systems.

Finally, system files should also be monitored and secured, since misconfigured files can lead to unauthorized access to applications or systems, which in turn can lead to a wide range of issues affecting the confidentiality, integrity and availability of data.

Topic Category
Application Security
 
News Articles
  • Open-source developers targeted in sophisticated malware attack (www.computerworld.com, 3/30/2017)
  • Facebook Creates Authentication Feature for GitHub Account Recovery (www.tripwire.com, 1/31/2017)
  • Vulnerability in embedded Web server exposes millions of routers to hacking (www.computerworld.com, 12/19/2014)
  • Wall Street traders charged with stealing company code via email (www.theregister.co.uk, 8/26/2013)
  • Several Flaws Discovered in ZRTPCPP Library Used in Secure Phone Apps (www.computerworld.com, 6/30/2013)
  • AMI PC firmware upgrade scare: The global security meltdown that wasn't (www.theregister.co.uk, 4/11/2013)
  • AMI Firmware Source Code, Private Key Leaked (threatpost.com, 4/5/2013)
  • VMWare Source Code Leak Follows Alleged Hack of Chinese Defense Contractor (www.wired.com, 4/25/2012)
  • Brit student locked up for Facebook source code hack (www.theregister.co.uk, 2/20/2012)
  • Symantec admits stolen source code impacts pcAnywhere (www.scmagazine.com, 1/25/2012)
  • Man charged with stealing NY Fed Reserve Bank source code (news.cnet.com, 1/18/2012)
  • Hackers Get Symantec Anti-Virus Source Code (www.wired.com, 1/6/2012)