Most companies have a ‘change control’ policy & procedure
to stop programmers form promoting programs (executables) without authorization.
But this has been a place of contention in all of the years I’ve been in this field. Someone always objects.
No, I cannot share our policies or our procedures.
We use the security packages in place on our different platforms to control programmer access to source code. (Years and years ago when I worked as an application programmer, I did share some source code with the user community. It was sort of a learning / teaching type of thing.)
The production level load modules (executables) need to reside in secure libraries / directories. Programmers should not have the ability to move programs into production. Programmers might place the executable into a ‘staging’ area, but only after proper approval by “change control” (meeting, signatures, user sign-off etc) does someone else (call this person ‘production control’) then move the program from the staging area into promotion / migration area (library, directory).
At the same time that the executable modules is moved, the source code is then checked back into the source code production library. Again, maybe by “production control”.
separation of duties
no one single person can make a change
programmers are people. Can we all be trusted? Ever make mistakes? Intentional harm? Remember, most data thefts occur from INSIDE the organization.
Setting up these procedures is not trivial. But it must be done.