1. Contracting
    1. General
      1. Brexit
    2. Business / Contracts
      1. Coronavirus Assistance
    3. Accounting / Legal
      1. Umbrella Companies
      2. HMRC Scheme Enquiries
      3. The Future of Contracting
      4. IR35 Reform
    4. Technical
    5. Welcome / FAQs
  2. Social
    1. Light Relief
    2. Social / Events
  • Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
  • Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!

Reply to: 3rd Party Code Review / Attestation

Collapse

You are not logged in or you do not have permission to access this page. This could be due to one of several reasons:

  • You are not logged in. If you are already registered, fill in the form below to log in, or follow the "Sign Up" link to register a new account.
  • You may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?
  • If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.

Previously on "3rd Party Code Review / Attestation"

Collapse
  • sal
    replied
    Could you tactfully prod the potential Client, as to which attesters are acceptable for them?

    Leave a comment:

  • vwdan
    replied
    Originally posted by europetractor View Post
    Is all code uncompiled ? Add a compiled component that they cant break. You probably know better.

    While code and ideas do get stolen, there is nothing to gain in not distributing your software.
    It's already distributed as compiled (Well, managed - .NET C#) - my issue is providing some kind of proof/evidence that it's safe.

    Leave a comment:

  • europetractor
    replied
    Originally posted by vwdan View Post
    I think they're after paperwork, rather than an ongoing system. Either way, that can't happen because it needs to be able to work without internet connectivity and half of the software "ethos" is its fire and forget simplicity. It's all code signed so they can verify it's what I released, but I think they're after more than that.
    Is all code uncompiled ? Add a compiled component that they cant break. You probably know better.

    While code and ideas do get stolen, there is nothing to gain in not distributing your software.

    Leave a comment:

  • vwdan
    replied
    Originally posted by europetractor View Post
    Implement encrypted component with online verification whenever the app runs.
    I think they're after paperwork, rather than an ongoing system. Either way, that can't happen because it needs to be able to work without internet connectivity and half of the software "ethos" is its fire and forget simplicity. It's all code signed so they can verify it's what I released, but I think they're after more than that.

    Leave a comment:

  • europetractor
    replied
    Originally posted by vwdan View Post
    Morning morning. As I've mentioned before, I've got a small Plan B which consists of a small, cheap and shockingly niche piece of of software. It's probably not going to make me rich unless someone desperately wants to own the rights, but now I've written it it's money for old rope really. It only has a couple of competitors in what it does, and no competitors in how it does it - hence why it sells.

    Although I've sold into some fairly large companies before, including a FTSE100 financial institution, for the most part it's been considered "off the shelf" software. They test it, pay for it and that's that - I don't tend to hear much more from them.

    I've now got a foreign arm of a very very big insurance firm interested but they're asking for code attestation and verification. I, unsurprisingly, do not have such things....

    Which is why I'm here. Anyone had a similar request? What's the protocol - is it reasonable to agree, but state it's at their cost. What if it fails and can't pass for [Reasons]? How do I protect myself and my code?

    I'm just after some general advice on where to go before I respond so I don't look stupid. I've only actually been asked once before, but they just wanted me to send my code to a company they'd engage (I actually refused at that point because I was scared for my IP, but I think that was short sighted)
    Implement encrypted component with online verification whenever the app runs.

    Leave a comment:

  • vwdan
    started a topic 3rd Party Code Review / Attestation

    3rd Party Code Review / Attestation

    Morning morning. As I've mentioned before, I've got a small Plan B which consists of a small, cheap and shockingly niche piece of of software. It's probably not going to make me rich unless someone desperately wants to own the rights, but now I've written it it's money for old rope really. It only has a couple of competitors in what it does, and no competitors in how it does it - hence why it sells.

    Although I've sold into some fairly large companies before, including a FTSE100 financial institution, for the most part it's been considered "off the shelf" software. They test it, pay for it and that's that - I don't tend to hear much more from them.

    I've now got a foreign arm of a very very big insurance firm interested but they're asking for code attestation and verification. I, unsurprisingly, do not have such things....

    Which is why I'm here. Anyone had a similar request? What's the protocol - is it reasonable to agree, but state it's at their cost. What if it fails and can't pass for [Reasons]? How do I protect myself and my code?

    I'm just after some general advice on where to go before I respond so I don't look stupid. I've only actually been asked once before, but they just wanted me to send my code to a company they'd engage (I actually refused at that point because I was scared for my IP, but I think that was short sighted)
    Last edited by vwdan; 21 February 2017, 11:21.
    Tags: None

Advertisers

  1. Contracting
    1. General
      1. Brexit
    2. Business / Contracts
      1. Coronavirus Assistance
    3. Accounting / Legal
      1. Umbrella Companies
      2. HMRC Scheme Enquiries
      3. The Future of Contracting
      4. IR35 Reform
    4. Technical
    5. Welcome / FAQs
  2. Social
    1. Light Relief
    2. Social / Events
Working...
X