I have an existing SaaS platform and I am in the process of working with multiple implementation partners or vendors for some enhancements. How do I make sure my source code is protected? Some of these vendors are in South Asia as well, and I am NOT sure how an NDA will be helpful.
The other option is to break the source code into different components and provide access to only one component to each vendor. Does this make sense, or is this something I don't need to worry about?
This is more of a technical question, and the answer is more about software architecture, but what you need to do is create a decoupled environment that uses a facade.
Decoupled software is all about software that isn't coupled. Coupling is explained here: http://en.wikipedia.org/wiki/Coupling_%28computer_programming%29 And facades are a design pattern that allows you to create an interface that hides the details of the code below, like an API, described here: http://en.wikipedia.org/wiki/Facade_pattern
So what you do is never give your source code to the people you don't trust. Instead, you give them a compiled library with an API (the facade). Their code, and yours too, needs to be architected in a way that neither is dependent on the other in order to operate; as soon as there is a dependency, the code is coupled. It's a good practice to do this anyway, because if you discover their code is sub-standard, you can replace what they wrote with another library as long as the other library writes to the same facade/API.
A facade will go a long way to decoupling the code.
Hope that helps.
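An added sketch of the arrangement the answer above describes, not code from the answer or from any real platform: the vendor codes only against a narrow facade and a shared contract, so a vendor implementation can be swapped without touching the core. Every name here (`PlatformFacade`, `InvoiceView`, `ReportExtension`, the vendor classes) and the sample invoice rows are hypothetical and constructed.

```python
from dataclasses import dataclass
from typing import Protocol

# --- Platform side: stays private, handed to vendors only as a built package ---
class _InvoiceStore:
    """Internal module (hypothetical); vendors never receive this source."""
    def __init__(self):
        # Constructed sample rows: (invoice id, amount in cents, payment token)
        self._rows = {"t1": [("inv-1", 1200, "card-token-A"),
                             ("inv-2", 800, "card-token-B")]}

    def rows_for(self, tenant):
        return list(self._rows.get(tenant, []))

@dataclass(frozen=True)
class InvoiceView:
    """What crosses the boundary: immutable, and without the payment token."""
    invoice_id: str
    amount_cents: int

class PlatformFacade:
    """The only surface a vendor codes against."""
    def __init__(self, tenant, store=None):
        self._tenant = tenant
        self._store = store or _InvoiceStore()

    def list_invoices(self):
        return [InvoiceView(i, amt)
                for i, amt, _tok in self._store.rows_for(self._tenant)]

# --- Contract both sides depend on, instead of depending on each other ---
class ReportExtension(Protocol):
    def render(self, api: PlatformFacade) -> str: ...

# --- Vendor side: written against the facade and the contract only ---
class VendorATotals:
    def render(self, api):
        return f"total={sum(v.amount_cents for v in api.list_invoices())}"

class VendorBListing:  # drop-in replacement for vendor A's component
    def render(self, api):
        return ",".join(v.invoice_id for v in api.list_invoices())

def run_report(extension: ReportExtension, tenant: str) -> str:
    """Host wiring: scope the facade to one tenant, then hand it to vendor code."""
    return extension.render(PlatformFacade(tenant))

if __name__ == "__main__":
    print(run_report(VendorATotals(), "t1"))
    print(run_report(VendorBListing(), "t1"))
```

Python's leading-underscore privacy is only a convention, so this sketch shows the structure rather than enforcement; keeping the source out of a vendor's hands depends on shipping the core as the compiled library the answer mentions.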
Here are a few ideas on how this can be solved: