[sid0]

How is this any different from storing source code on GitHub, or using Campfire to communicate?

A very reasonable argument is that you shouldn't be using those either. GitHub is fine for open source projects but if I were involved in writing proprietary code I'd probably not put it up there.

[weavejester]

Out of interest, why not? Is it that you don't trust GitHub's security, or do you believe there's a chance GitHub might appropriate your source code?

[angelbob]

Think conflict of interest. What if GitHub was bought be a competitor or other hostile entity? Now, can you guarantee they never will be?

[weavejester]

You can't guarantee anything. It's all about trade-offs and managing risks. Putting your source code onto a private server doesn't guarantee that your source code is safe, and there are far more examples of source code being stolen from private servers than there are of companies appropriating source code from hosting companies like GitHub.

[angelbob]

This is true. But would the story get out if it happened? And it's not limited to appropriation. There are stories about, say, Assembla, and the terms of code storage changing dramatically. You could also have a company where the security on transferring the code was inadequate. That's a concern you don't have as much if your servers are local (though you need VPN for remote coders).

It's also hard to talk percentages -- there are a lot more companies storing source code on private servers than using external hosting. So yes, more stories of that, but it's hard to talk percentage chance rather than absolute numbers.

[weavejester]

Is the risk large enough to justify using a more expensive and less functional in-house system? To me, the risk of using a third-party host seems vastly outweighed by the benefits.