Tuesday, January 20, 2009

Word on securing intellectual property

Do you care about your intellectual property? I am sure that the answer is yes. Now how about related question – are you doing anything to make sure that your intellectual property stays yours?

Even if you answered yes to the last question, it is not easy to cover all aspects of the problem. Some of more detailed questions you might want to answer:

  • Can you establish that certain code is yours in the face of possible legal action?
  • Can you establish the fact that reasonable precautions were undertaken to secure the source code?
  • How do you make sure that your proprietary code is not leaking into public domain?

* - If you have additional compliance to worry about (such as FDA), additional questions may need to be answered.

There are some small things you have to do proactively to make sure you are covered from the legal perspective. While I am not an expert in law, I do have couple of them to offer for your consideration:

  • Start adding copyright notices in your source code (such tools as StyleCop can help you with enforcing this practice)
  • While term “reasonable precautions” has a lot of legal nuances, at the very least that means that source code never leaves the premises (think about the situation where the developer uses source code at client’s site as a shortcut to fixing the problem)
  • If you have sensitive information as part of your source code repository (such as proprietary algorithms), you may have to be more restrictive; that is to make sure that the access to such information is granted only on “need-to-know” basis

If you happen to have any hard earned advice on the matter, please share it in the comment.


Anonymous said...

Does TFS meet the requirement of FDA compliances?

eugenez said...

How do you mean - FDA compliance?

The thing with FDA is that this is your software dev't process which is compliant, not your tools.

That said, for your process to be compliant, you must verify that the tools you use work correctly - meaning that they perform as you intended them to.

For example, for TFS that might mean that you actually walk through the whole process of, say, bug tracking.

So this may mean that you will have to verify whatever you use TFS for. However, different companies choose to verify different software (that is, usually you do not verify OS or say, C++ compiler if those come from commercial vendor).

Hope that helps.