Reply to post:

Software dev cuffed for 'nicking proprietary financial trading code'

Ogi

> I do wonder if there is a non-draconian way to mitigate for that risk.

Code reviews.

Specifically, doing code review before deployment to production. For such an attack to work, you would have to have the reviewer and the developer working together. It goes from a "lone wolf" type attack to one where you need a conspiracy amongst multiple people in the chain for it to be possible. It increases the chances of slip-ups/detection or someone pulling out and exposing the others involved.

Plus, in addition to spotting backdoors, code reviews can sometimes aid in detecting bugs the other dev didn't notice/see/test for, and can be a good idea to do anyway when doing dev work.
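One concrete form of the two-person rule the comment above describes is a pre-deploy gate that refuses to ship a change unless someone who wrote none of its commits has approved it. The script below is an added illustration, not code from The Register or the commenter; the `Change` record, the field names and the sample changes are all constructed for the example (real hosting platforms expose the same data through their own APIs and can enforce an equivalent rule in branch protection settings).

```python
"""Two-person rule gate for a deploy pipeline (constructed example).

A change may only be deployed when at least `min_approvers` people who did
not author any of its commits have approved it. Self-approval, or approval
by a co-author, does not count: those are exactly the cases where a lone
developer could wave their own backdoor through.
"""
from dataclasses import dataclass, field


@dataclass
class Change:
    change_id: str
    author: str                              # who opened the change
    commit_authors: list = field(default_factory=list)  # everyone with a commit in it
    approvals: list = field(default_factory=list)       # reviewers who approved


def independent_approvers(change: Change) -> list:
    """Approvers who contributed no code to the change, sorted and de-duplicated."""
    contributors = {change.author, *change.commit_authors}
    return sorted({a for a in change.approvals if a not in contributors})


def may_deploy(change: Change, min_approvers: int = 1) -> bool:
    """True only when enough independent reviewers have signed off."""
    return len(independent_approvers(change)) >= min_approvers


def gate_report(changes, min_approvers: int = 1) -> dict:
    """Map change id -> 'DEPLOY' or 'BLOCKED', for a pipeline log or dashboard."""
    return {
        c.change_id: ("DEPLOY" if may_deploy(c, min_approvers) else "BLOCKED")
        for c in changes
    }


# Constructed sample changes (hypothetical usernames)
SAMPLE_CHANGES = [
    # Reviewed by someone independent: passes.
    Change("CHG-1", author="alice", commit_authors=["alice"], approvals=["bob"]),
    # Developer approved their own change: blocked.
    Change("CHG-2", author="carol", commit_authors=["carol"], approvals=["carol"]),
    # Co-author approved; they are part of the change, so it does not count: blocked.
    Change("CHG-3", author="dave", commit_authors=["dave", "erin"], approvals=["erin"]),
    # Two independent approvals, one of them duplicated: passes even with min_approvers=2.
    Change("CHG-4", author="frank", commit_authors=["frank"], approvals=["gina", "gina", "hal"]),
]

if __name__ == "__main__":
    for change_id, verdict in gate_report(SAMPLE_CHANGES).items():
        print(f"{change_id}: {verdict}")
```

Raising `min_approvers` to 2 widens the conspiracy that would be needed to push a malicious change through, which is the point the comment makes: the control does not stop a determined group, but it turns a single insider's job into a multi-party one and gives each extra party a chance to notice or refuse.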
