Ask HN: How dangerous is source code access?

8 points by fredrikfornwall ↗ HN
For a small startup whose product requires source code access (think static analysis as a CI service), how dangerous is it having access to the (non-open) source code of commercial customers?

How do we protect ourselves from the risk of a "IP troll" trying to earn money by claiming that we have used their source code, looking for similarities between their code and ours if it comes to a court?

We are planning to have a free tier where anyone can sign up, and without any protective measure it seems that we are opening up ourselves to risk.

At the same time I realise that the situation of having source code access is common (GitHub, GitLab, Travis, Netlify, ...) - how do the big players protect against the same risk, besides having a formidable legal department?

2 comments

[ 2.5 ms ] story [ 12.9 ms ] thread
No sane software editor should give its IP to any third party under the form of source code.

It's relatively safe if you don't sell the software but the associated data such as Google Chrome for example.

I am sorry to break your business but for any small company in the software industry trade secret is the ultimate IP protection.

Maybe you should think a bit more about your business model and what you should sell to your clients. ;-)

It sounds like you could benefit from a lawyer, some well written terms of use, etc.

Though, I have used a third party tool like this in the past where it did the static analysis locally. Is it out of the question you could do this? Could provide a Jenkins plugin or self-hosted option.