Software Security And Code Integrity
2012-03-28 John Poulson

Hackers are out there. So you can't take for granted--now or ever--that it won't happen to you. Achieving software security is a complex problem; what's amazing to me is how often the bad guys get in because someone left the door unlocked. SQL injection attacks, for example, should NEVER happen but they do, and with big consequences.
There's another aspect to software security that's frequently overlooked. If you're distributing application code--executables--how can you be sure that what your user is getting hasn't been tampered with?
How could that happen? Obviously one way is through counterfeiting. A company purports to be a legitimate reseller of your product, but what they're really selling is a cracked version with some malware injected. Like a keystroke logger. Another possibility is you have a freely available demo or trial version with no copy protection (after all, you want people to try it and share it). But a copy with malware starts circulating.
Finally, in critical areas like health care, aviation, or EMR systems you need to be able to assure the users of perfect code integrity all through the distribution pipeline. Anything that can compromise the software security of systems where failure has potentially life-threatening consequences must be eliminated.
One solid, easy-to-implement method to increase software security and ensure code integrity is, of course, to deploy CodeMeter, with either a CmDongle (maximum software security) or CmActLicense (very strong security). With CodeMeter, even changing a single bit in the protected executable will prevent the application from running. If it runs, you know you have perfect code integrity from the software developer to the end user. Software security doesn't get any better than that.
Contributor

John Poulson
Sr. Account Manager
John went to work back in 1987 for what arguably might be the first company in the world to offer a way of protecting software with hardware. This company developed a "back-plane" device to protect a proprietary operating system for a Data General computer. He has since worked for several software security / licensing companies and, beginning in 1999, with Wibu-Systems. He has seen the technology move from simple laser holes burned into 5-1/4" floppy disks to the innovative, sophisticated, encryption-based smart card technology first introduced to the world in the CodeMeter platform.