Double-checking of source code

rafael1978

Hi,

A programmer has developed a VB.net application for me, however I am a bit concerned.
Since the application will create a database of very critical data in our company, I am a bit afraid that the programmer
will somehow be able to retrieve critical company data.

I was thinking about hiring another developer to read the source code to see if the code is safe, and if there are
no log or email functions in it which will send details about the use of the application to another PC or to the developer.
I am really not sure whether this would be the right step to take, or if there is another way to check these issues...
I am not a programmer and I would really appreciate any feedback or guidance...
 
As said programmer presumably had to have access to the datasources in order to develop and test the application, it's surely a bit late to be getting paranoid about it now? Has said programmer given you any reason to doubt his/her integrity and trustworthiness (and if so why'd you hire them?) If you do get a 'second opinion' you will also have to run the risk of that person gaining access to critical information and so on and on. This is a problem you should have considered before the project was started. If there's anything scary under the bed it's long been set free!

You presumably have someone responsible for computer security? Make it their business to firewall the heck out of the program and keep it monitored. Either that or scrap the whole thing and do it properly the next time!
 
Surely the original app was developed with access to the datasource schema, not the sensitive data itself. If all you want to know is if there are any backdoors to the app, you could post the project here, or just find a trustworthy programmer in the family to examine it for you.
 
Surely the original app was developed with access to the datasource schema, not the sensitive data itself. If all you want to know is if there are any backdoors to the app, you could post the project here, or just find a trustworthy programmer in the family to examine it for you.

Yeah. Don't do that!
 
I'm a strong believer in open sourcing software for greater security. Vulnerability discovery and patching is much faster when there are hundreds of people looking at the code.
 
The programmer has only had access until now to "dummy data" which we used just for building the application,
which was on a PC that wasn't used for anything else. So I guess the risk of the programmer having gained access to critical information is small.

I do trust the programmer, but it is the first time I have been working with him, and the consequences of him gaining access to the data when I start using real data could be huge for me, therefore I am a bit cautious...

Do you think a firewall would be enough to prevent the application from leaking data to another PC in any way... for example, would it also prevent email logs being sent to other persons?

The application is a .NET application with a size of around 3 mb... if I had someone read the source code once, do you think this would be "enough" to be sure that the application will not have any backdoors?
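A first-pass triage that a second reviewer could run over the VB.NET source before reading it line by line, as an added example that is not part of the thread or any poster's code. The watchlist of .NET names and the sample source are constructed for illustration and are not exhaustive; the function names are hypothetical.

```python
import re

# Constructed, partial watchlist of .NET / VB names that can move data off the machine.
WATCHLIST = {
    "email": r"\b(System\.Net\.Mail|SmtpClient|MailMessage)\b",
    "network": r"\b(System\.Net\.Sockets|TcpClient|UdpClient|WebClient|HttpClient|HttpWebRequest|FtpWebRequest)\b",
    "process": r"\b(Process\.Start|Shell)\b",
    "native": r"\b(DllImport|Declare\s+(Function|Sub))\b",
}
PATTERNS = {k: re.compile(v, re.IGNORECASE) for k, v in WATCHLIST.items()}

def strip_comment(line):
    """Drop a VB trailing comment (') unless the mark sits inside a string literal."""
    in_string = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_string = not in_string  # a "" escape toggles twice, so state stays right
        elif ch == "'" and not in_string:
            return line[:i]
    return line

def scan_vb_source(text):
    """Return (line_no, category, token) for every watchlisted reference in code."""
    findings = []
    for no, raw in enumerate(text.splitlines(), start=1):
        code = strip_comment(raw)
        if code.strip().upper().startswith("REM "):
            continue  # REM is the other VB comment form
        for category, pattern in PATTERNS.items():
            for m in pattern.finditer(code):
                findings.append((no, category, m.group(0)))
    return findings

# Constructed sample source, not taken from any real application.
SAMPLE = '''Imports System.Net.Mail
Module Export
    ' SmtpClient was removed in v2 (comment only, must not be flagged)
    Sub SaveRow(name As String)
        Dim note = "customer's record: " & name
        Dim c As New SmtpClient("mail.example.invalid") ' send report
        Dim w As New Net.WebClient()
    End Sub
End Module
'''

if __name__ == "__main__":
    for finding in scan_vb_source(SAMPLE):
        print(finding)
```

Each hit is a place for the reviewer to start reading, and an empty result does not show the application is free of backdoors, since names can be built at run time and the deployed binary has to be built from the same source that was reviewed.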
 