All your data are belong to u̶s̶ you

A story about how not to get fucked over by your software contractors

In the late 80’s there was a game exported from Japan to the US. As part of this export the game was translated from Japanese to English… Mostly. In one particularly famous point in the game the phrase, something like “We’ve taken all your bases!” had been translated “All your base are belong to us”

The inherent information asymmetry

The problem that faces you as the merchants is the inherent difficulty in understanding exactly what is being delivered when contracting web software development. By nature if you are contracting out this service to a provider then you do not have the necessary time or expertise to fully implement the required service. You trust the provider to implement a set of reasonable services considering the merchants budget, but have little way to verify if these decisions are reasonable.

A relationship spirals out of control

When the relationship between a provider and your business is collaborative and there is a healthy conversation back and forth about requirements, costs and so forth software development is a fairly straight forward process. Software development can be a little tricker and less predictable than some other disciplines, but mostly it’s pretty stable.

Forewarned is forearmed

Perhaps the best thing you can do when calculating the risks of using a given provider is to determine what level of control over the application is delegated to the provider, and what level of control remains with you. By systematically reducing the amount of power a provider has over the content you can negotiate from a much more powerful position in the case there is some ambiguity about whether a software provider is living up to their expectations.

Your data

There is many different kinds of data produced to make a web based software system work. Below are some of the different things that you should have the ultimate control over, delegating only the control required to run it to the software provider.

Compute infrastructure

Compute infrastructure is the underlying hardware (or virtualised hardware) on which your service operates. This could include things like:

  • DNS services
  • Domains
  • Databases
  • Backups

Version Control

A fundamental part of modern software development is the use of version control tooling, the most common being a tool called “git”. This allows many people to work on a project over very long periods of time despite the complexity of working over a million lines of constantly changing code.

Continuous delivery pipeline

If the project is sufficiently advanced it will have an automated release process that takes the content from version control and builds from that your fully functioning software application. While not critical, control of this pipeline allows you to veto automated changes to any systems that the software provider might modify to restrict an application in the event of a disagreement.

Project documentation

Any sufficiently complex software project will include documentation to explain its principles to colleagues who come and go from the team. Such documentation can considerably ease the burden when transferring from one agency to another, and is usually packaged with the version control but can be withheld in the case of a transfer.

Project or issue management data

Lastly, while version control records notes from the developers perspective (if the developers have troubled themselves to write these notes down), it does not include the project managers perspective or any understanding of the current state of the project.

Control means responsibility

The safety implications

There is a significant catch to being in the ultimate control of a software project. The primitives used to create these projects now are extremely powerful, and can run anything from a small business eCommerce store to a billion user real time game.

Additional costs

The services that build and manage software defined above are not free, and by being directly in control of them you are also in control of any costs associated. Additionally, should any of those tools lapse payment due to expired credit cards or other problems, development will grind to a halt but developers will likely still bill for the time lost.

How we at Sitewards balance this issue

At Sitewards we have a long history (~20 years) of managing software projects. We’d like to be working with our merchant partners because they find us a suitable partner and are happy to continue retaining our services to help them build their projects.

In Conclusion

Software development is a complex discipline, and it makes sense to contract some aspects of that out to experts who specialise in this. However, while undertaking this process it is also worth investigating what control will need to be delegated to the provider, and what recourse that you have if the relationship does not proceed as planned.


  • Francis M. Gallagher for their patient editing; I did a bad job here. ❤
  • Pascal Brouwers, Daniel Nettleton for early reviews.
  • Tomasz Kaplonski for review and feedback.
  • Cipriano Groenendal for review and feedback.