Comment by ec109685

It seems like it depends on your threat model. If what your company is doing is valuable enough and you have a large enough organization, a motivated attacker will have access to the system’s source to run their offline analysis of it, regardless.

Background checks and interviews aren’t much of a barrier…