Have a melon today.
Yesterday afternoon B station source code was malicious open source, must be a lot of readers have eaten. I won’t repeat it. Many netizens ridicule the official management of project code security is also the main reason for the leak. Today, about code security, it is really the enterprise does not pay enough attention to project code security or management is not in place?
In addition to my internship, I also worked in various representative companies of different sizes, state-owned and private. They also have different approaches to code security.
It is true that some enterprises do not pay attention to code security, but generally they are entrepreneurial small companies, not to mention code security, even their own code management platform, basically directly buy third-party platform private library hosting. As long as you have an account password, the project can be clone anywhere. But it is understandable, after all, limited funds and manpower need to be spent on the best.
But most companies of any size have some common security measures in place that go beyond code security.
- You are not allowed to use your own computer for office work or even test machines.
- Restrict USB port permissions and prohibit data transmission.
- Don’t install some software or visit some websites on your office computer.
- Set the corresponding permissions to the project code, the front-end programmer is not able to see the background project. Git Clone error: You do not have access to git.
- There is also an environment called an Intranet.
Of course, these measures need the support of human, material and financial resources. But getting past these “firewalls” can be tricky for programmers.
Is there really no way for the enterprise to secure project code?
Yes, I have, and remember!
When I was an intern in Beijing in 2014, I was sent to a military enterprise. I still don’t know what it is called. Later I found out that it was a project to do the information management system of weapons and equipment. Of course, the data provided must be false.
First, it was a secluded location, a long drive around in one of Beijing’s remote mountains and forests. Work for one week, the working environment is completely closed, not allowed to go out during work; To enter, we need to sign various confidentiality agreements, and to enter and exit the office area in addition to swiping cards, to register; Mobile phones and other devices are not allowed in the office area.
Secondly, in terms of hardware, there is no USB interface for the computer host, and the operating system and database are not common in the market. Later, I heard that they are independently developed, but it is difficult to use anyway.
The network environment was also completely closed. At the beginning, there was no chance to access the Internet. It was impossible to copy and paste open source code. This will definitely affect the development efficiency. After a week of coordination, a virtual machine similar to sandbox mechanism is installed on the operating system. The Internet can be connected through the virtual machine, but it is impossible to transfer data, even copy and paste. Typing exception messages is absolutely maddening, and you won’t understand it until you’ve done it. That kind of helplessness is still unforgettable. It was also the strictest project management I had ever encountered. The project source code must not be leaked, but I would be crazy…
Don’t think how high the technology of this project, in fact, is an ERP system, what framework are not needed, all JSP +servlet….
Regarding the security aspect of project code, it is not that enterprises do not pay attention to it, nor is it that technology cannot do it, it is really a very painful matter. Not enough force, not much effect. Too much force, affect efficiency not to say, believe that many programmers can not accept it.
The reader’s welfare
How to improve code quality? — Summary of r&d experience from Ali P8 architects
Ali P8 shares the learning path of Java architects, the sixth point is particularly important
Eight tools every Java Developer should know
Want to interview a Java architect? Do you know the basics?
Draw a map to your core competency, turning midlife crisis into a gas station
There’s no midlife crisis, but setting goals as a plan
Being laid off is not the focus of winter, the focus is how to break the career bottleneck