Open to suggestions

Should you invest time and effort in protecting your source code or go the open source way, asks Matthew Anthony Pace.

All businesses want to protect their software from being copied or pirated. But is it really worth obfuscating or implementing other methods to prevent competitors from reverse engineering your code or freeloaders from releasing a pirated version of your software?

The answer depends on the type of application you have developed, because if an individual or a competitor is truly motivated and has enough resources and experience, then they will bypass any protection implemented to gain access to the application logic.

All software, whether on an embedded piece of hardware or just an application installed on a computer or mobile device, can be decompiled via the many tools available online. Some applications, which have special protection methods implemented in them, may be harder to decompile or to understand due to obfuscation. However, it is not impossible to re-engineer the logic back to a working compilable state.

There are ways to reduce the risk of your source code and logic being seen and reviewed by third parties. One solution is to be selective about who you provide your software to. The downside is that this would ultimately limit the growth of your product to a small number of users, which may be fine for bespoke software, but would be detrimental to a business looking to grow.

A quick solution which does not require any code or logic changes is to obfuscate your code. While this may prevent the less experienced from decompiling and reviewing your application logic, it may just make it a tiny bit more difficult for someone who is more experienced. One tool which provides obfuscation and a number of other added functionalities, such as automated error reporting, is SmartAssembly.

You can also move the software’s core logic and functionality online as a web service, hosted at a secure and trustworthy service provider that has ISO security certification, leaving only the bare essentials on the desktop or mobile application. Alternatively, you can completely rewrite the offline application as an online web application. This would obviously require users to have a constant internet connection for the product to be usable.

A radical alternative to all these solutions is to open source your code. This does not mean that you provide your compiled software, patents and core logic for free. When it comes to business-to-business or even non-technical user sales, you would not lose sales or profit because users would still need accountability, support and in most cases customisation to support their internal processes.

By open sourcing your code, you and your users can enjoy various benefits, including a quicker turnaround on bug reporting and fixing, as fixes can be made by the users and then reintegrated into the original software, from which a patch can be created and easily distributed to others. Additional advantages include security practice improvements, as the source code can be reviewed by the public. If there is a security issue, this can be more efficiently escalated and resolved. Also, the overall product quality will improve, as improvements can be suggested and possibly implemented by the users.

There are various options to license your software under open source. Some licences will protect both your software and your copyrights while others are less protective in terms of what third parties can do with your source code. It is possible to have multiple licences for the same software, which can be used for different use cases, such as personal use and business use.

One such licence that is protective and allows for freedom at the same time is the GNU General Public License (GPL). This allows others to copy, distribute and modify your software as long as they track the changes they made, either in writing or in a version control system. This allows you and others to learn from, copy and review the changes, so they can be re-implemented back into your software if they seem valid improvements or features.

When releasing your source code under the GPL licence, keep in mind that it is a criminal offence if the derived software is not using the same licence that the originating software was using and if they do not provide public access to the modified source code.

There are many other open source licences available and each should be carefully reviewed to see if one or more match the type of business model in use.

Matthew Anthony Pace is a software developer and electronics designer by day and a security researcher and blogger by night. He blogs at https://looku.ga.
