Ip · Outsourcing

Giving code to external developers - precautions?

Anonymous

July 4th, 2016

Hi everyone, our website has been developed by a web development agency in London, but our agreement with them is coming to an end. We've found a guy in Poland who we're going to begin trialling as our new lead developer. We have no specific reasons to be suspicious, but wondering what precautions we should take before giving him Git access - what if he takes the code and runs off with it?

Christoph Ranaweera

July 4th, 2016

in the end the horrible thing can happen you can just try to avoid it but there is no guarantee and always a risk

1. get references and check with those. not super reliable as the dev won't give you bad references but maybe you are "lucky"
2. contract stating all the intellectual property things
3. the dev should be in a country where there are proper laws on intellectual property. If those are not being enforced in that country it will be difficult to make a case if not impossible.
3. As Biju wrote, having the dev in your country is easier when it comes to claims but in case of EU this can be in all the EU countries.
4. what would bother me most is giving out all the credentials (DB, payment login and whatever secrets and keys you are using). I would exclude the production secrets from git updated and have them locally and give the dev a local file to sandbox testing credentials.

Anonymous

July 4th, 2016

There's nothing you can do, really, other than checking references, as suggested by Christoph. This is the price you pay for using cheap labor overseas. But, in all likelyhood, he won't do that: he needs a job more than a chance to strike it big. On the other hand, if he does strike it big, he'll be easier to nail in a US court.

Bill Lennan Red Rope Social

July 4th, 2016

I've worked with a lot of remote developers and so far none have wanted to steal code and start a competitive business. 

What is your site built with?
If it's using one of the common, open source platforms ( i.e.; WordPress ) then it's all freely available. 
As Igor says - the developer wants a job and a salary.

Lisa Pomerantz Business and Employment Attorney, Arbitrator, Mediator and Trainer

July 4th, 2016

Of course you need a nondisclosure agreement but i suggest you do some due diligence on this developer. Get references from other customers. You should also include a choice of law and forum clause and preferably international arbitration. You might require him to certify compliance with the nda when submitting invoices. -- Lisa Renee Pomerantz Attorney at Law 80 Orville Drive Suite 100 Bohemia, NY 11716 Tel: 631-244-1482 Fax: 631-567-0611 lisa@lisapom.com www.lisapom.com The attorney you need to help you succeed!

Ivan Fortuna

July 5th, 2016

Agree with Christoph Ranaweera,

Also, I would suggest signing NDA with him with a paragraph that he has no rights to use the source code in any other project except your one.

Gabor Nagy Founder / Chief architect at Skyline Robotics

July 4th, 2016

Modularize and only give access to the part of the source code that you absolutely have to give access to.
Also, if you use a compiled language, like C/C++, you can just provide binaries (.a, .so .dll) for the sensitive components and the contractor can just link against them.

Biju Nair Independent Legal Practioner , Licensing Lead @Open Invention Network and Counsel @ sflc.in

July 4th, 2016

As a matter of practice please enter into consultancy agreements or specific agreement. with third party service providers as Intellectual property is the most important asset any company has. Ideally you should outsource to agency in the same country you operate as enforcement and due diligence of the service provider is easy.