Open Source Security – When is Keeping Source Code Secret Justified?


When I worked as a freelancer, I encountered lots of cases where customers were protecting their ideas and the source code of their projects (such as web applications) as much as possible, no matter how unimportant, uninteresting and unoriginal the projects and the concepts behind them were.

I've already posted a question about keeping the ideas secret, and received many great answers. Now, my concern is more about source code secrecy.

According to my observations of:

  • The codebases I had to work on during my career,
  • My own willingness to keep some of my own source code secret, and:
  • A few articles like, for example, Open response to Simon Stuart by the popular Programmers.SE contributor Mason Wheeler,

I conclude that source code is kept secret mostly for those reasons:

  1. Because the author is ashamed of code of such bad quality, or the company fears losing reputation if somebody sees such a bad codebase, or because, given the low quality of the codebase, open sourcing it would not bring anything useful to anybody: even if somebody were interested, he would hardly be able to run the solution (or, often, even compile it).

  2. Because parts of the code are stolen (mostly from open source projects covered by a license which restricts its usage in a given situation).

  3. Because the code relies on security by obscurity and the author doesn't care about Kerckhoffs's principle.

  4. Because the product is so breakable that showing the code would cause too much harm: if a closed-source app with all those security leaks would withstand a newbie hacker, the same open sourced app would have far smaller chances, because even the beginner hacker would just have to study the code to discover all the holes.

    If it's not clear what I'm talking about, here's an example:

    if (credentials.password === 'masterPassword12345')
    {
        isLoggedIn = true
        currentUser = credentials.userName
    }
    else
    {
        authenticate(credentials)
    }
    
  5. Because the author over-estimated the source code (and his own skills and expertise). Example: believing that a home-made cryptography-related algorithm (which was never reviewed by anybody) is better than any well-known one.

  6. Because the author believes that the idea behind the code is great, and that it would be stolen.

  7. Because of the "It's not perfect enough" syndrome. In other words, the developer is willing to release the source code to public when the code is "good enough", but day after day, there are still things to improve, so the code would never be released.

All of those reasons give a rather negative image of people who are against publishing the source code.

Are there valid cases to not release to the public the high-quality code which follows Kerckhoffs's principle?

Best Answer

Some people and most companies have a strange perception about the value of code.

"We spent $100,000 on this project therefore the code must be worth that" and feel a need to protect it.

In reality most code is more like paint. You spend $100 on paint and $200 to apply it to your walls. But now the paint is worth nothing, you cannot sell it, nobody wants it, and even if they did you cannot take it off your wall and put it on somebody else's wall.

It may enhance the value of the building but you cannot realize this without selling the building.

You could "steal" Amazon's code base (most of it is freely available from various open source projects) and set up an Ammassons web site, but you would not take over much of Amazon's business.

Code is a necessary part of any modern business's infrastructure, but it only has value as part of a process and culture; on its own it's worth nothing.

I would add there are some situations where the code is vital to the business and would be valuable enough to any competitor that it should be kept secret:

  • To prevent malicious manipulation of your facilities -- a good example would be Google's "page rank" system which is constantly being "gamed" to give web sites an unjustifiably high rank.
  • Automated Trading Algorithms -- an unscrupulous competitor could study the algorithm and fool your system into selling too low and buying too high.
  • A "faster/better" algorithm -- if your software's unique selling point is a faster, better algorithm for sorting/compressing/whatever, then it probably pays to keep this a trade secret for as long as possible.