Feb 21st Forrester / V.i. Labs Webinar: Best Practices for Protecting .NET Applications

Just wanted to discuss the reason why we chose this Web seminar subject. We considered many topics that were relevant to the software protection space like anti-piracy, gaming security and others. However, I have personally noted a significant trend in the markets we focus on (high value software vendors and enterprise application developers) – more and more organizations are adopting the Microsoft .NET framework for application development and at the same time realizing the challenge of securing the code from decompiling.

For example, we had a recent prospect that had performed an open source audit of their application code and was very surprised by the level of source code information visible within their .NET binaries. My belief is that this issue has been well known at the developer level, but is only now gaining visibility within the corporate council and business unit levels because of the threat to their IP resident within the software applications.

We also approached Chenxi Wang from Forrester because of her expertise and interest in this area. In fact she did her doctoral thesis in software (see her bio here). So if you have a chance, please join us for the Webinar – I believe you will find it informative and not the typical product pitch.

-Vic

Another Scare With Software Development Outsourcing

What does Solidworks, Alibre Inc, and  InterOp Software have in common?

They were all victims of source code theft by disgruntled employees of these organizations international outsourcing partners. The InterOp incident was reported by an Indian news service. See additional discussion  on Steve Gold's SecurityWatch blog. It involved an employee of 3DPLM Software Solutions, an India based outsource development company sending InterOp’s source code to the employee’s husband before she resigned. 3DPLM put the value of the source code at $12M. No discussion on the motive, but I would guess she had new job with one InterOp's competitors.

-Vic

Security is a differentiator: Refreshing change for the software security industry

As a software security professional, it is a good thing that end users of security technology are beginning to position it as a differentiator in their own offerings. The security industry in general has had to produce subjective ROI or sell fear to support it sales. Application and data integrity will becomes increasingly important especially on the heels of a record setting year of breaches (CIO Today) . The way in which application providers add security  to their products and services will be viewed as a differentiator. This not only true of enterprises, but with traditional software application vendors. Some examples of this trend are:

- Recent article, "Banks Using Security to Increase Customer Trust and Their Bottom Lines "

- Time Warner and others choosing Blue-Ray DVD format over HD DVD partly based on the better DRM controls, AACS.

-Vic