Watch for confidential information in code samples

We’re currently hiring for a few .NET programming positions and always ask applicants to provide a code sample. Some applicants can’t provide one since everything they have is confidential information, and we don’t penalize people for this. Some others have to check with their employer or previous employer first, and we always consider this a good sign. And others just go ahead and send us samples, which is usually ok but it can also be bad.

On occasion we get samples that have obviously confidential or proprietary information in them. This is always a red flag. Even if the code is very good, the fact that a person was willing to send his current or previous employer’s confidential information to a prospective employer as an example of work is bad.

In one particularly agregious case we received an application that had the company’s database domain name, username, and password all within the config file. That’s a major security problem. Not the type of security problem we’d like to hire into our company.

So if you’re applying for a job and providing a code sample, think not just about the quality of the sample but what information it contains and what it conveys about you, your honesty, and your consideration of others confidence and privacy.

This entry was posted in Uncategorized by Sam. Bookmark the permalink.

One thought on “Watch for confidential information in code samples

  1. Good point. Now, to give that applicant the benefit of the doubt, MAYBE those passwords etc. were first disabled.

    Anyway, yeah, giving up confidential information is wrong for two reasons: it’s not yours to give up; and it reflects poorly on you.. the person giving it up. I totally hear you.

Leave a Reply

Your email address will not be published. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>