What if a client demands your source code? Is it better to just walk away rather than hand over your source code, a most precious commodity?
For software developers who seek government contracts, this isn’t a simple situation. The right answer differs under various circumstances. Some would simply charge a higher price for both the application and its source code if it is a one-off project. Others will not divulge their source code because they look at it as a source of continuing value. They see their source code as a box of tools they use again and again on different projects.
One of the perils of releasing source code to clients is that source code can be decompiled and used for ends not included in the original contract. Hacked source code could be used to install back doors into previously installed applications. There is no question that source code is intellectual property (IP) that is worthy of protection. The Theft of Intellectual Property Commission last year estimated that American companies lose as much as $600 billion a year in IP theft.
The Council on Competitiveness, a lobby group, points a finger at China. It alleges that “China remains the world’s principal IP infringer, driven by an industrial policy that continues to prioritize both acquisition and development of science and technology. It is committed to policies that include maximizing the acquisition of foreign technology and information, policies that have contributed to greater IP theft.”
So for software contractors, the question is how they would respond if a foreign government allowed them market access only if they permit “inspection” of the source code. Inspection, in this case, would be an excuse to copy the source code for the national government’s own ends.
The question can only be answered by each individual contractor on a case-by-case basis. They would have to weigh the risks of having their source code pirated and used against them versus the financial benefits of access to a whole new market.
One way to avoid all these headaches is to go open source all the way. This disarms the problem at the root. But for many other developers, this is not a real option.
A second path may be to double down on even more security and encryption for source code. This may include obfuscation that would render the source code unreadable but still available for compilation. It could also include locking down certain sections of the code or triggering alarms if certain parts of the source code are changed.
A third way might be to include iron-clad legal protections as to the use or copying of the source code. This would be effective against companies who would still have to answer before courts of law. Against national governments, however, it would have decidedly less efficacy.