Seeking help identifying software development security tool
Hi,
First, my apologies if you feel this is a mispost or that I’ve invaded the wrong “realm” (please don’t flame me :( Also, this is posted to the C++ forum as well). I chose this forum (along with a few others) because I am seeking help from the C/C++ programming community. I am open to suggestions of places that might be better to seek this kind of help.
I am involved with a stealth-mode startup and have been asked by my engineering staff to help them locate a particular kind of software development security tool for their C/C++ programming efforts. There is a mission to protect our intellectual property above and beyond licensing and activation requirements/restrictions. My engineering team has mentioned features that would include tamper-proofing, obfuscation, watermarking, among others. I’m a noob at this and still learning. However, I interpret this as an effort to protect our executable code.
I would be very grateful for any help (and time) you can offer. I’ve created a short set of questions (I tend to like to be organized ;) the answers to which would be a great help. However, I’m also very accepting of more “free form” responses, as well. You can reply to this post either publicly or privately (if that capability exists).
Again, thank you for your time and any insight you can offer. If my research results in any information different from what I receive here, I’ll be happy to come back and post those results. Or, you can contact me directly and I’ll forward on a copy of my results.
Cheers…Steph
Questions
1. What are the top 3 products/companies you considered for this software development security tool, the top 2 or 3 features you liked about the product (or company), and why?
1A. Product/Company 1:
Feature 1:
Why:
Feature 2:
Why:
Feature 3:
Why:
1B. Product/Company 2:
Feature 1:
Why:
Feature 2:
Why:
Feature 3:
Why:
1C. Product/Company 3:
Feature 1:
Why:
Feature 2:
Why:
Feature 3:
Why:
2. If you purchased the product, are you willing to share pricing information?
2A. Product purchased:
2B. Price: per (1 seat, 5 seats, 10 seats, unlimited, etc.)
3. If you purchased the product, did it:
3A. Exceed expectations: ( ) Yes ( ) No Why:
3B. Meet expectations: ( ) Yes ( ) No
3C. Fail to meet expectations: ( ) Yes ( ) No Why:
4. For those products you did not select, what are the top 3 reasons you did not select them (and was there a common reason among a number of the products)?
4A. Reason 1:
4B. Reason 2:
4C. Reason 3:
Seeking help identifying software development security tool
Thanks much for the suggestion. We are trying to avoid hardware dongles because of the logistics you mention. However, it is on our list. Appreciate your input. Cheers...Steph
Quote: Originally Posted by CornedBee
Software protection through technical means is worth it when each license of your product is sold for a 5-digit sum or more. The problem is the cost of deploying a good system. When you really want effective protection, you need a hardware dongle. Purely software-based systems are generally too easy to crack, leading to problems for legitimate users without any benefit. Hardware dongles mean: shipping a dongle to each customer (there's a license fee for that from the protection company), shipping license updates, offering support when users fail to correctly apply the updates (frighteningly common), offering support when the dongles don't work for another reason (e.g. firewalls), and of course the whole support programming you have to do. There is a pretty big cost associated with hardware dongles, and since quite a bit of it is per-customer, it's only viable when you ship to 100 customers for 50000$ each, not when you ship to 50000 customers for 100$ each. That said, we've had reasonably good experience with the Wibu CodeMeter hardware dongle system.