Software Security And Code Integrity
2012-03-28 John Poulson
Hackers are out there. So you can't take for granted--now or ever--that it won't happen to you. Achieving software security is a complex problem; what's amazing to me is how often the bad guys get in because someone left the door unlocked. SQL injection attacks, for example, should NEVER happen but they do, and with big consequences.
There's another aspect to software security that's frequently overlooked. If you're distributing application code--executables--how can you be sure that what your user is getting hasn't been tampered with?
How could that happen? Obviously one way is through counterfeiting. A company purports to be a legitimate reseller of your product, but what they're really selling is a cracked version with some malware injected. Like a keystroke logger. Another possibility is you have a freely available demo or trial version with no copy protection (after all, you want people to try it and share it). But a copy with malware starts circulating.
Finally, in critical areas like health care, aviation, or EMR systems you need to be able to assure the users of perfect code integrity all through the distribution pipeline. Anything that can compromise the software security of systems where failure has potentially life-threatening consequences must be eliminated.
One solid, easy-to-implement method to increase software security and ensure code integrity is, of course, to deploy CodeMeter, with either a CmDongle (maximum software security) or CmActLicense (very strong security). With CodeMeter, even changing a single bit in the protected executable will prevent the application from running. If it runs, you know you have perfect code integrity from the software developer to the end user. Software security doesn't get any better than that.
Contributor
John Poulson
Sr. Account Manager
A senior manager and well-respected security industry expert, John has worked in business development and sales for Wibu-Systems USA since 2001. When not consulting with customers on software licensing and protection solutions, John attends industry trade shows and conferences to stay abreast of the latest developments in the IT world. Prior to Wibu-Systems, John worked for Micro Security Systems, Eagle Data, and Griffin Technologies, all pioneers in software security.
Over the years, John has authored several blog articles on topics of general interest in cryptography as well as monetization of embedded systems in new and innovative ways.