This is about using http://www.visualstudio.com/ for source control on a sensitive project.I'm not talking about theft from the outside, but from the inside.Like...I know this will sound paranoid, but...really there isn't anything stopping Microsoft from searching their databases for keywords like "high-performance", "next-gen", "sensitive", "money", "funds", etc.I mean it's their server, their encryption algorithms and it doesn't matter what it says in your license file if they can steal code without anyone knowing.Of course I'm not saying that I think they're targeting me or anyone specific.It's more like doing large-scale searches for valuable source code.They can also give stolen game engine code to the studios that work on Xbox exclusives.

INB4 "Tinfoil Hats!"

If they got caught stealing code they would probably lose the majority if not all of their high-paying clients and take a long time to get them back.

If you were in big business would you risk it?

There's a point where you have to either trust others or do everything for yourself. I'd trust a well known large corporation with an interest in continued business rather than smaller, lesser known players.

//EDIT: Why is this in the coding horrors forum? Moving you to The Lounge.

Tinfoil hats!!!
But yes it's possible that any data host could peek at your data. It's common knowledge that many data hosts *do* take advantage of this capability (from email hosts scanning for targetted advertising keywords, or the NSA having a back-door into your PC)...

If you're storing secrets of life and death importance, then build your own host and use strong encryption ;P

If they got caught stealing code they would probably lose the majority if not all of their high-paying clients and take a long time to get them back.

If you were in big business would you risk it?

There's a point where you have to either trust others or do everything for yourself. I'd trust a well known large corporation with an interest in continued business rather than smaller, lesser known players.

One should also consider the value of the stored data and potential industrial espionage activities from various government agencies(http://www.smh.com.au/national/australian-spy-agency-helped-bhp-negotiate-trade-deals-20131106-2x1sw.html), Microsoft and other big companies have far more to lose by stealing customer data than smaller companies (and thus can usually be trusted with more valuable information) but if the data is very sensitive or if your competitors are important enough to a nations finances the only sane place to store it is in a secure server facility under your own control in your own country.

http://rt.com/usa/microsoft-nsa-snowden-leak-971/ not sure if srs xD

Yeah, it was in the tv news here a few months ago that those major computer companies in US are forced to give the NSA direct access.

If you think noone should see it then dont send it over the net and dont put it on a server you dont control.

If they got caught stealing code they would probably lose the majority if not all of their high-paying clients and take a long time to get them back.

If you were in big business would you risk it?

There's a point where you have to either trust others or do everything for yourself. I'd trust a well known large corporation with an interest in continued business rather than smaller, lesser known players.

One should also consider the value of the stored data and potential industrial espionage activities from various government agencies(http://www.smh.com.au/national/australian-spy-agency-helped-bhp-negotiate-trade-deals-20131106-2x1sw.html),

That reminds me of when the US govt was all over the buyout of Sun by Oracle.

And IIRC, there were concerns that the US intelligence agencies were using communication interceptors to conduct industrial espionage. Can't recall the Wikipedia's article, it was related to some communications eavesdropping bases in USA, Japan and Switzerland.

So OP concern's don't sound that crazy to me.

State-sponsored industrial espionage is as old as time (or states and industry...) and yeah, there's many modern examples...

Game engines though aren't of national economic importance, so I wouldn't worry about our repos being intercepted and passed on to the competition ;P
In theory, MS could've put a back-door in windows, or the visual studio application, which uploads all our great code back to them for the thefts... So you've already got a bit of trust in them to play fair ;)

Also, trying to steal other people's code is actually incredibly time-consuming. It's often more economically viable to pay someone to rewrite the same thing from scratch than to decypher foreign code!

State-sponsored industrial espionage is as old as time (or states and industry...) and yeah, there's many modern examples...

Then about 100 years old I guess? That sounds pretty recent.

Also the value and security you feel are necessary for your code may vary.

As a few notable examples: Linus Torvalds (Linux kernel developer) keeps his own repository of the authoritative "clean" Linux kernel on a machine that he trusts. He started doing it back in the early days of the kernel, removing the machine from the public Internet, keeping it within multiple layers of network protection, and not allowing physical access to the machine to anyone else for any reason. Bruce Schneier (Crypto expert) recommends an "air gap" for certain things, basically where the computer with the critical content is not connected to the Internet at all, instead requiring a trusted physical media like a usb drive to manually move content after the trust has been proven.


A respository controlled by Microsoft is going to be fairly safe as mentioned above, but if you feel your security needs are not met by it you should consider other options.