
Code theft prevention - Chaperon or anything similar

Has anyone heard of Chaperon? Is it effective in preventing code theft?

Now I understand that there can be many ways if someone was to steal code and there is nothing that could be completely foolproof, so please don't give me this as an answer.

I want to know how effective this is and how does this utility/software exactly work?

Are there any other tools that are similar to this one?


It is the wrong question to ask. See Secure collaborative software development environment in the cloud

Why would you want to work with people you don't trust? The costs of organizing the control needed to make that effective are so large that your efficiency would be too low to survive in the market.

The reason that Chaperon doesn't have much competition is simply that there is no market. Start using it, go out of business fast.


One strong thing to consider when implementing any "code theft prevention" scheme is the fact that you're willingly trading productivity for security. The most productive environment for creating and debugging code is an open and easily shared one. This is why there are millions of lines of Open Source code written every year, even though most people involved aren't being paid for it.

Consider carefully whether the increased overhead and costs in terms of developer time is worth the theoretical potential for theft by one of your developers, who is already familiar with your algorithms and architecture, and could probably re-create the code if it was really something worth stealing.

Now, protecting your source code repositories from external access, and protecting your code "in transit" from people external to your development group who might be stealing it really boils down to Network Security, and you'd probably be better off posting it on serverfault.com or superuser.com


You can't effectively do what you're asking, especially in an environment where you don't trust the people working there.

A proper solution is to build a business model that is robust in the face of someone else getting the software. If as you say the “work ethics are unreliable”, you should count on the software getting spread around anyway.

Don't rely on artificial scarcity of the software – especially if, as you say, you can't trust your staff to maintain that scarcity – instead, rely on being the people who know the most about it.


I think all that can be done is monitor in situations like this. Firewall the network. Deny HTTPS traffic, so users cannot securely upload. Have software that emails/logs when external I/O devices are plugged in.

Fire people whom you can't trust if that is an option.
