Re: How do I ensure the freelancer's code is trustworthy?

3970c18a
Active Member
Nathan D Member Since: Sep 6, 2016
1 of 15

Hi, I've just signed up for upwork and I have some Magento work that needs doing. As I'm new I'm a little unsure of something.

 

How do I know the freelancer is trustworthy? For example, if I am asking for a payment gateway to be implemented, how do I know that the freelancer isn't embedding code that will allow him/her to harvest email addresses or card info for illegal purposes?

 

How do I know the code is not malicious?

 

Thanks

belalyahya
Active Member
Bilal Y Member Since: Jun 22, 2016
2 of 15

Hi Nathan,

I understand your concern being a client; I am writing on behalf of the freelancer community.
Upwork is one of the most reliable platforms for spending your money online, and nobody can do fraud with anyone exclusively on this platform.
You can choose a Rising Talent, Top Rated Magento freelancer from the pool because they have a strong repute on Upwork.
You can sign an NDA with the freelancer before starting the task -- just to be on the safe side. Upwork itself is no less than an NDA and it always respects the confidentiality of a client and a freelancer.
And to check whether the code is malicious, make a fixed-price job contract with the freelancer and approve the payment milestone after checking and test running; in case there is a glitch in the work, ask the freelancer to fix it before releasing funds.

In this way, you and the freelancer working for you are both in safe hands. He will have assurance that he will get paid, and you will have your work done in a proper manner.

Thanks,

prestonhunter
Community Guru
Preston H Member Since: Nov 24, 2014
3 of 15

An NDA is largely meaningless, and is impossible to enforce.

 

You should not be contracting for a project like this without using a qualified project manager.

prestonhunter
Community Guru
Preston H Member Since: Nov 24, 2014
4 of 15

re: "How do I know the freelancer is trustworthy?"

 

There is no way to know before hiring and working with someone if they are trustworthy.

 

Most developers working through Upwork are trustworthy. But there are thousands who are not.

 

This is just one of the reasons why you should work with a qualified project manager, a person who reports to you directly and who is not connected to the developers you hire.

 

A project manager will review their source code. The project manager will tell you that developer #2 is wasting your time and not turning in anything you can use. The project manager will tell you that developer #4 tried to sneak backdoor codes into the project so that she can steal your money. The manager will tell you that #3 is doing good work, but takes twice as long to accomplish the same work as #6.

 

You might hire 4 to 10 developers, but end up only working on a long-term basis with 1 or 2 of them. That is one of the purposes of the project manager.... Helping you determine who to work with.

versailles
Community Guru
Rene K Member Since: Jul 10, 2014
5 of 15

What Preston said. Or, as an alternative, you could hire a second developer whose task would only be to analyze the code for quality and safety, without having the ability to edit it.

 

PS: Bilal, with all due respect, I think you should refrain from giving useless advice.

-----------
"Where darkness shines like dazzling light"   —William Ashbless
lysis10
Community Guru
Jennifer M Member Since: May 17, 2015
6 of 15

@Bilal Y wrote:

Hi Nathan,

I understand your concern being a client; I am writing on behalf of the freelancer community.
Upwork is one of the most reliable platforms for spending your money online, and nobody can do fraud with anyone exclusively on this platform.
You can choose a Rising Talent, Top Rated Magento freelancer from the pool because they have a strong repute on Upwork.
You can sign an NDA with the freelancer before starting the task -- just to be on the safe side. Upwork itself is no less than an NDA and it always respects the confidentiality of a client and a freelancer.
And to check whether the code is malicious, make a fixed-price job contract with the freelancer and approve the payment milestone after checking and test running; in case there is a glitch in the work, ask the freelancer to fix it before releasing funds.

In this way, you and the freelancer working for you are both in safe hands. He will have assurance that he will get paid, and you will have your work done in a proper manner.

Thanks,


Terrible. No. Rising Talent doesn't mean anything for this. "No one can do fraud exclusively." Terribly not true.

 

When it comes to payment systems, depending on the size of the OP's business, if he is in the US he has certain guidelines he has to follow and I would suggest hiring someone within the same country with a very long history of coding payment gateways. You want someone who understands these types of systems because you don't want to mess with the money system with some random on the internet.

 

The best thing to do is hire within the same country so A) they understand PCI compliance and all that jazz and B) you can pin it on him if there is something critically wrong.  

gerrys
Community Guru
Gerry S Member Since: Nov 23, 2014
7 of 15

You need a "plan"; and probably some extra research on your part.

 

Payment gateways can be off-the-shelf (plug-ins) or custom built (the least desirable option).

 

The gateway can be "free"; or any variation thereof.

 

Your ISP / server host may even be able to suggest an add-in that minimizes your risk and that THEY can add in for you. Go hang out in some Magento forums.

 

And "project managers" come in all shades: from the "people-person" that has no technical clue; to the completely incompetent. Don't assume anything.

 

Then again, most people are "too busy" for due diligence and instead like to just whine when things go south.

prestonhunter
Community Guru
Preston H Member Since: Nov 24, 2014
8 of 15

re: "And 'project managers' come in all shades: from the 'people-person' that has no technical clue; to the completely incompetent. Don't assume anything."

 

For a project like this, I recommend hiring a project manager who has solid experience with payment gateways, who has worked as a developer, and who can read and understand the source code your developers are submitting.

 

Note that for any project like this, there WILL be a project manager, whether the project owner hires one or not.

 

That project manager will be one of the following:

a) you

b) the lead programmer

c) a project manager hired specifically to function in this role.

 

The original poster is not going to be able to function as the project manager. If he doesn't hire anybody specifically to function in this role, then the lead programmer will be the de facto project manager. Which MIGHT work out okay, or it MIGHT NOT.

 

Some major problems with having the lead programmer serve as her own project manager are:

a) some developers are completely dishonest, and are just trying to rip you off; a dishonest developer will not report herself

b) some developers are incompetent and will produce essentially unusable work

c) a developer won't be able to evaluate her own work compared to the work of other developers on the project and recommend that she herself is the weak link who should be fired

browersr
Community Guru
Scott B Member Since: Nov 20, 2015
9 of 15

This is certainly a very valid question and one that goes beyond the fear of freelancer malfeasance. When you are talking about something specialized it is very easy for someone without the expertise to not really know what they are getting. This is true even if you get exactly what you asked for. There are unlimited ways to achieve an objective but not all are good or equal. Just getting something to work generally isn't good enough. Is the code maintainable? How will it survive upgrades? How extensive was the testing? Is there the right flexibility to expand later? Will another developer have to spend an inordinate amount of time trying to understand what was done? The list goes on.

 

When we get a home built we know there are independent licensing and certification authorities that are supposed to make sure we don't get electrocuted or have the ceiling fall on our heads. Similarly when we get a car we have assurances even if we know nothing about how autos work. No, these are not 100% guarantees, but it's hard to live life waiting for such guarantees. With development, as was stated, you should either get a technical PM or another developer. Obviously look for someone with extensive experience you can see within the profile. Have at least a written communication with them to see if a coherent conversation is possible without them trying to knock you over with technical jargon. Obviously do the same with your original developer, but getting a second experienced and independent opinion is the right next step.

3970c18a
Active Member
Nathan D Member Since: Sep 6, 2016
10 of 15

Thanks for all the great comments. I was using the payment gateway as a specific example but my question was more generalised. 

 

I'd really like to dip my toe into the Upwork world to build a relationship with a competent developer that I can trust and provide lots of work to. But, as already pointed out, it's a potential minefield knowing what quality of work one will receive.

 

I'd like to ask, is it usual to employ project managers in this way? Does one post the job to find a PM and then the PM finds the freelancer?

 

How does the community recommend starting out with an initial job post and selection of somebody who can provide both value and trust?
