[turbinemonkey]

I wouldn't say we have an exceptional need for security, but we do have reservations about dropping the only thing that has any real value in our company right now into what looks like a helluva honey pot.

I'm not sure I can even properly enumerate the risks -- if I could, I'd be able to make a calculation pretty easily. Espionage seems absurd, but who am I to say that that's not a possibility?

That said, we're getting by by cutting back on our extraneous costs, which means exactly the opposite of "hire someone ourselves and keep full control".

[gthank]

Definitely seems overly paranoid to me. The real value that your company has is in your brains. The things you've learned about your customers can never be fully captured in source code. Especially considering there's no real potential for loss of the code, only exposure, I'd say the tradeoffs are worth it.

[mbrubeck]

Your people and their knowledge have real value. The code alone has limited value to anyone else, without the associated expertise. And if it does leak, normal legal protections can mitigate the damage. (For example, the threat of a copyright or trade secret lawsuit may be enough to keep competitors from using or even looking at your code without permission, depending on who they are.) On the other hand, accidental breaches do happen (whether outsourced or self-hosted), so you should probably keep your secret keys and passwords even more protected than your source repository.