What Happens When a Drone Company’s Source Code Leaks? Legal and Security Lessons
A former DJI software engineer uploaded proprietary agricultural drone code to a public GitHub repository, leading to a criminal conviction for commercial‑secret theft, a six‑month prison term, and a fine. This article looks at the legal penalties and security implications of such leaks.
On April 22, reports emerged that Bilibili’s website source code was briefly exposed on GitHub, prompting a public warning against illegal code disclosure.
In a related high‑profile case, a Shenzhen court sentenced a former DJI employee to six months in prison and a fine of 200,000 CNY for illegally leaking the company’s source code.
The leaked code, used in DJI’s agricultural drone products, caused an estimated economic loss of 1.164 million CNY despite the company’s existing confidentiality measures.
According to the Shenzhen People’s Procuratorate, security researcher Kevin Finisterre discovered a severe vulnerability in 2017 that could expose SSL private keys and sensitive customer data stored on DJI servers.
The employee, who previously worked as a software engineer on DJI’s agricultural drone management platform and spray system, uploaded the code to a public GitHub repository via a command, thereby exposing the proprietary software.
GitHub, the world’s largest code‑sharing platform, allows users to create public repositories that are visible to anyone worldwide.
Source code represents a company’s intellectual property and competitive edge, making its protection critical.
Chinese criminal law (Article 219) defines the crime of infringing commercial secrets as obtaining or disclosing such secrets by illegal means and causing significant loss to the rights holder.
Penalties range from up to three years’ imprisonment and fines for ordinary cases to three‑to‑seven years and higher fines for especially serious consequences.
The employee deleted the code, cooperated with investigators, and publicly expressed remorse, stating he unintentionally leaked DJI’s confidential information and is willing to bear legal responsibility.
21CTO
