Written by Tim Regas
What is software security?
The security of your software is one of the most effective barriers to deter threats from hackers, whether from large institutional hacking groups or smaller-scale proof of concept attacks. These malicious users aim to compromise the authenticity, integrity, and availability of your software. Any action taken by developers to ensure hackers don't gain access to software code is considered software security.
How does software security affect licensing?
Software security dictates the effectiveness of your licensing because terms of licensing are embedded within the application code, and hackers typically target licensing first when breaking down that code. Once the code is disabled, casual attackers have the ability to use or distribute your application, robbing you of licensing revenue. More sophisticated attackers are able to run the software with no restrictions, amplifying their theft of your valuable intellectual property.The higher the security, the greater your ability to enforce licensing terms, increase revenue, and prevent loss of intellectual property.
One way to understand how licensing and software security work together is by using a simple analogy. Imagine, if you will, a hotel or apartment swimming pool as the software you intend to license. You’ve spent a considerable amount of time building the perfect pool with all the bells and whistles to meet any customer’s needs, soyour next goal is to make your work profitable. You decide to build a fence with a gate and post a sign specifying who is allowed to use the pool. Itwill be effective at keeping wildlife and some very honest people out, however, with thisminimalapproach to security,you are not likely to make much money. Software vendors often take the same approach, allowingcustomers to download the softwarewith just one payment and one click to agree to the terms of service (ToS). Yet, once the software has been purchased there is nothing beyond the ToS to prevent users from reusing, distributing, or hacking the application.
After analyzing the amount of revenue you may have lost by not implementing a little more security, you decide tokeep the sign posted, but increase security by installinga lock on the door.The key will only be given to those who have paid to enter. This is an improvement, as it will probably get many more people to pay for access; however,if the small gaps between the fence’spickets have been overlooked,anyone who is inclined to do so could squeeze their hand through the fence, unlock the gate,and gain entry without paying.These small gaps are comparable to a common oversight we see when implementing licensing:everything is locked and controlled from the dongle,but the developers forget to include our anti-debugger in the software, which is akin to leaving tiny spaces between fence pickets. The anti-debugger patches the gaps byattaching to the software during runtime, thwarting hackers’ attempts to view your source codeand preventing them from stealing your intellectual property or reverse engineering your software to circumvent licensing.
Software security and, more generally speaking, security, is a game of cat and mouse. For every precaution you take, there could be someone with the time and resources to break in. It is important to consider software licensing in tandem with software security because, without the latter, licensing is nothing more than a sign posted on the wall.