People make mistakes. We’re only human. But in business, human error can become a risk — whether nefarious or accidental. The fact of the matter is that the majority of security flaws come from people in the organization. In a traditional software development enterprise, people are vetted, badged, and trained on security best practices. You can expect a certain degree of error there. Topcoder, on the other hand, isn’t traditional; we go on the offensive because we don’t have badged employees. People don’t swipe to get access. We don’t host in-house security trainings. Instead, we treat every interaction as a secure one. We use the following security and confidentiality processes to make sure that nothing is left behind or left unchecked, and that our customers are always protected.
Security and IP screening software
Most software and data security breaches are the result of something unintentional. So above all else, we need to embrace technology to ensure we are not letting any code, design, or algorithm go unchecked. We start with the simple fact that we always use secure channels to transfer any IP, which enables us to systematically monitor and track the lifecycle of our customers’ digital assets. At Topcoder, we use a combination of best-of-breed static analysis code scanning and IP screening combined with in-house technology. We use artificial intelligence and advanced heuristics to certify the security, adherence to standards and best practices, and even authenticity of the code. When it comes to security, being on the offensive is a great defense.
Process and code reviews
Software alone isn’t enough. We also put processes in place to make sure things go according to plan. Specifically, we atomize code, both to protect our customers’ privacy and to remove single points of failure such that no one person is physically able to connect independent pieces to do something nefarious. At Topcoder, it’s our code reviews that determine who gets a paycheck at the end of the day. Everywhere else, the code check is done by a peer down the hall. It’s done after the fact, and more as a review of the person than as a review of the code itself. Our code checks are serious; because they determine who gets paid, there’s an inherent responsibility to get it right the first time around.
We use the best and most accomplished members of our community to perform anonymous code reviews. Not only is it much more accurate and efficient than having dedicated internal staff or customers perform the reviews, but it also ends up producing higher-quality outcomes; the redundancy in the number of reviewers ensures the veracity and quality of the reviews themselves. In this sense, we even use crowdsourcing to generate more accurate code reviews.
Contracts, rules, and regulations
What security measure has been around the longest? Contracts. Of all the things a business can do to protect its customers, a signed contract should be lowest on the totem pole. And for us, it is. The signed piece of paper that traditional companies use as their standard is our weakest link. Contracts only provide a single layer of security. They’re good to have (and still necessary), but in the digital age, they’re no longer enough. If you’re going to the contract to resolve an issue, it’s already too late.
When Topcoder Community members submit to a challenge, there are extensive rules and regulations in place — red tape that further qualifies competitors and their submissions. Our rules and regulations are also far more specific than those of a traditional company because we apply them, reference them, and enforce them on every interaction that shares or produces IP. Most companies apply and enforce them twice: at the time of hire and at the time of exit.
All of that being said, businesses don’t need to sacrifice innovation for security. Through secure software channels, IP screening tools, peer reviews, rules and regulations, contracts, and code scans, Topcoder delivers the safest possible experience for our customers, while also providing the most innovative method of technology delivery.
Mike Morris is the CEO of Topcoder, a Wipro Company. As the CEO, Mike is responsible for the success of Topcoder and its customers and partners. Topcoder was a pioneer in the crowdsourcing model. Its 1Mn+ strong global community of design, development, and data science experts is redefining innovation today. Mike has been dedicated to Topcoder since its founding in 2002. He has also been instrumental in promoting how the world’s top competitive technology community revolutionizes enterprise software.
Previously the GM of Appirio, Mike led their customer innovation and sales/services teams to establish Topcoder as the premier crowdsourcing destination. He was also responsible for Appirio’s organically grown crowdsourcing platform, Cloudspokes. His vision helped build the offering from concept to a multi-million-dollar business in less than 2 years. Cloudspokes was merged with Topcoder after the acquisition and successful integration of Topcoder and Appirio.
A Boston College alumnus, Mike began his career as a C++ engineer working on Protean, an ERP focused on manufacturing companies. As the Director of Design and Development at Tallan Inc., Mike led strategic accounts covering the North West from Silicon Valley to Seattle.
Mike’s ability to manage and motivate at all levels of the internal/external organization, as well as serve as an accessible software industry resource, enables him to connect with technologists and strategists throughout the world.