News on Software Piracy and Tampering
Provided by: Arxan Technologies, Inc.

 Back to Articles

Software Development TimesSPECIAL REPORT

By Lisa Morgan
Software Development Times
Feb. 15, 2008

… Laila Arad-Allan, director of product management at Aladdin Knowledge Systems, said that it’s easier to calculate the loss of illegal copies because they can be counted. But it’s more difficult to determine the level, and value, of code that has been stolen. As a result, software developers need two types of protection: copy and intellectual property (IP), each requiring different tools. “Copy protection guards against the unauthorized use and distribution of software, while IP protection helps prevent copycatting,” she said. “The point is to make it difficult for individuals and groups to reverse engineer software, because otherwise they may be able to understand the logic, algorithms and flow—IP embedded in the code.” Besides professional thieves, some individuals and corporations abuse legitimate licenses by copying software onto multiple computers or buying 10 seats and allowing 100 workers to use the software. According to Amena Ali, chief marketing officer at Arxan Technologies, the offenders don’t realize that buying a software license simply means they have a limited right to use it. Instead, she said, they think that because they bought the code, that justifies illegal overuse. Vadim Katcherovski, president of Logic Software, said that end-user piracy and overuse pose the most serious problem for developers, even though the rate of downloads from peer-to-peer networks is increasing.

Add to that a generation joining the work force that has grown up with try-before-buy software, gaming shortcuts, and YouTube how-tos and the problem is no longer just technical—it’s cultural.

WHERE DOES IT FIT?
Into which life cycle software protection fits is another issue. Protection can be viewed in terms of the software development life cycle, but because a developer’s software product is a corporate asset, it needs to be contemplated in business terms. Meanwhile, the Sarbanes- Oxley Act mandates asset protection and an auditable trail of that protection. That’s why line-of business managers, chief financial officers and others are getting involved, or so say vendors. “Software development is no longer silo’d. You can’t just build it, ask whether it meets the market requirement and consider the job done,” said Sebastian Holst, senior VP of PreEmptive Solutions. “How you build software translates to security and financial risks, and therefore you’re obligated to align software development practices with business stakeholders.” Arxan’s Ali says some development shops just lack awareness: They don’t know how much intellectual property is being siphoned off, or to what extent illegal copy distribution is affecting the bottom line. And they don’t know what to do about it. “Hackers delight in the gap between application development and security,” Ali said. “They may not even be thinking of application security, and the whole company pays for it. It’s not just about getting software out; it’s about getting a sustainable asset out that’s protected via security.” Finally John Dozier, managing partner at Dozier Internet Law, says that software developers, software protection and digital rights vendors located in the U.S. are making the mistake of viewing piracy in terms of American standards of behavior. “You can’t evaluate risks [ifthe analysis is] based on what we in the U.S. think are human motivators,” he said.


Resources
Office Locations
Employment Opportunites
Technical Support
White Papers
Learn about Best Practices for Protecting Intellectual Property
Contact Us

Home | Software Protection Products | Anti Piracy Solutions | Technology and Research Partners
About Arxan Technologies | Resources and Contacts | Anti Tamper Systems | Site Map
© Copyright 2008 Arxan Technologies, Inc. All rights reserved. Privacy Policy

 Software & Information Industry Association Information Systems Security Association Electronics Design Automation Industry