Right now I'm working as a software development leader in my enterprise.

Here's the main issue: a software developer who works with us. There have been some rumours about this user sharing/developing software for another enterprise that makes the same manufacturing products. There's no proof that he's really doing this. But he never likes to share code and takes the company laptop to his house.

I cannot exert too much authority over him because I'm new at this company, and right now we are working on really dangerous and sensitive employee data and other secret projects.

No, we are not having him work on this, because we think he's probably going to share this information with other companies.

We knew about this issue because a few employees have seen him at other companies sharing information with past managers who used to work with us.

We mainly develop .NET applications (ASP.NET Web Forms and Windows Forms applications).

We really would like to protect our code (He has access to IIS Server).

But the thing is that .NET EXEs and DLLs can be reverse engineered with .NET decompilers really easily.

Do you know what we can do to protect our code even if he has the .NET EXE file?

Thanks.

NathanWay
  • This is not an information security question. If you can't trust a developer, the developer should be let go. Don't try to apply technical solutions to a people problem. – Xander Apr 17 '17 at 17:14
  • We cannot fire him because of the information security and what he can do with the company laptop information. We are actually working on analyzing everything that he has developed, but we really need to keep going with projects and wait until he realizes about this and leaves... – NathanWay Apr 17 '17 at 17:18
  • Then you are out of luck. Attempting to protect source code from one of its developers who still has privileged access is an exercise doomed to failure. – Xander Apr 17 '17 at 17:19
  • Any tips? Or what we should do? – NathanWay Apr 17 '17 at 17:22
  • What you should do: 1. Take your concerns to management, HR, and your corporate counsel. 2. Let them decide how to best deal with him. 3. Carry on with business as usual. 4. Job done. – Xander Apr 17 '17 at 17:40
  • Just as an addendum, your belief that he can harm your company if he's fired, but not if you continue to allow him to have privileged access to systems until he realizes he's suspected of malfeasance and leaves of his own accord is disastrously wrong. – Xander Apr 17 '17 at 17:44
  • I agree that the personnel part of this question isn't really on topic here. @NathanWay, if you want an answer to your technical question - how to protect against decompilers - I suggest you remove the rest and focus on that. – Anders Apr 18 '17 at 10:46

1 Answer

It sounds like you're looking for an obfuscation tool, such as discussed over at StackOverflow in ".NET obfuscation tools/strategy". The idea behind such tools is that they make it harder to decompile/understand the program.

Other tricks include compiling the .NET executable to native code and using aggressive optimization as these can help strip the original intent from the code, making it less comprehensible and harder to repurpose the code from the executable.

As Xander pointed out in the comments, you may need to take further action than just obfuscating and lossily compiling the code as these technical approaches are unlikely to be perfect solutions.

Nat
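A check that follows from the answer's suggestion to compile to native code, as an added example that is not part of the original answer: a PE file that still declares a CLR header is a managed assembly that a .NET decompiler will load, so a release pipeline can test each shipped binary for it. The function names and the constructed sample headers are assumptions for illustration; the check says nothing about whether a managed assembly has been obfuscated.

```python
import struct

CLR_DIR_INDEX = 14  # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR (CLR header)

def has_clr_header(pe: bytes) -> bool:
    """Return True if the PE image declares a CLR (managed code) header."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not a PE file (missing MZ signature)")
    try:
        (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
        if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            raise ValueError("not a PE file (missing PE signature)")
        opt = e_lfanew + 4 + 20  # optional header follows the 20-byte COFF header
        (magic,) = struct.unpack_from("<H", pe, opt)
        if magic == 0x10B:        # PE32
            fixed = 96
        elif magic == 0x20B:      # PE32+
            fixed = 112
        else:
            raise ValueError("unknown optional header magic")
        (count,) = struct.unpack_from("<I", pe, opt + fixed - 4)
        if count <= CLR_DIR_INDEX:
            return False          # directory table too short to hold a CLR entry
        rva, size = struct.unpack_from("<II", pe, opt + fixed + 8 * CLR_DIR_INDEX)
    except struct.error as exc:
        raise ValueError("truncated PE headers") from exc
    return rva != 0 and size != 0

def build_sample(clr_rva: int, clr_size: int, pe32_plus: bool = False) -> bytes:
    """Constructed minimal PE headers for the demo (not a loadable binary)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)           # e_lfanew
    fixed = 112 if pe32_plus else 96
    opt = bytearray(fixed + 16 * 8)                   # fixed part + 16 directories
    struct.pack_into("<H", opt, 0, 0x20B if pe32_plus else 0x10B)
    struct.pack_into("<I", opt, fixed - 4, 16)        # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, fixed + 8 * CLR_DIR_INDEX, clr_rva, clr_size)
    return bytes(dos) + b"PE\0\0" + bytes(20) + bytes(opt)

if __name__ == "__main__":
    samples = {"managed (constructed)": build_sample(0x2008, 0x48),
               "native (constructed)": build_sample(0, 0)}
    for name, image in samples.items():
        state = "CLR header present" if has_clr_header(image) else "no CLR header"
        print(f"{name}: {state}")
```

To check a real build output, pass the file's bytes, for example `has_clr_header(open(path, "rb").read())`.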