Intellectual property: Safeguarding your company’s code and software licenses

By Suzanne Kattau

September 25, 2012 — (Page 1 of 3)
As a software organization builds its applications, it creates intellectual property (IP) in the form of code. An organization’s licensing regarding that code and how it’s used is also a form of its IP. Software development managers, corporate executives and legal counsels have two main concerns when it comes to protecting both forms of IP: They want to protect their own IP from being stolen, and they want to ensure that their own developers aren’t inadvertently infringing on other organizations’ IP that they haven’t licensed. The question is, just how do they do both?

Discussions of IP security can cover a wide range of issues, so for the purposes of this article, we will narrow the focus. According to Garret Grajek, CTO and cofounder of SecureAuth, a maker of identity-protection software, there are two issues: “One, how you protect your IP within the enterprise, and two, how you protect your IP in distribution.” According to experts in the intellectual property field, the first step to protect your IP is data classification. In this critical step, you identify and classify the IP that should be protected.

Depending on your company, those can be items that provide a competitive advantage such as proprietary trade secrets, algorithms in your source code, or any unique characteristics of your product that you don’t want replicated. For example, if you compiled a custom database of information that allows you to do something faster or better than your competitors, this is IP that must be protected.

“As you build your software, you ask yourself, ‘What is in my code that’s intellectual property?’ ” said Vince Arneja, vice president of product management at application protection provider Arxan Technologies. “Is it the algorithms that I’m using here for the performance of this particular function? Is it this particular piece of code that is enabling some functionality that’s very unique and patented? What is the true jewel of my software?”

The next step is to assess your inherent risk. You need to decide early on the relative importance of your IP. “Some questions to ask yourself include, is this code something that is just run internally inside your company, or is this code something you’re giving out to customers and to people outside your organization? Because you might make a decision differently based on that criteria,” said Gabriel Torok, CEO and cofounder of PreEmptive Solutions. PreEmptive Solutions makes software for code obfuscation.

“If it’s an internal app only and it doesn’t have a lot of IP, there’s probably no reason to protect it. But if it’s an external app that has a lot of IP, you should protect it,” he said. Intellectual property

What would the business risks be if your code, your databases or your IP were to be exposed? What would the repercussions be if your IP is made public and distributed all over the Internet or into a competitor's hands? Some of the risks could include reputational risks, such as news that you were breached or had the possible loss of a competitive advantage. What effect would it have on your business if you did something better than everyone else, and now everyone else can do it as well as you do?

Another risk to exposing source code is that it becomes much easier for hackers to attack your software products. If an attacker has your source code, finding and exploiting vulnerabilities are much easier. If your IP includes customer lists and gets out, your competitors could have a list of customers to target. If the exposed IP includes your cost information and profit margins, your competitors could underbid you on key projects.

Related Search Term(s): intellectual property, security

Pages 1 2 3

Share this link: http://sdt.bz/36963

Technorati

Digg

Slashdot

Facebook

Friendfeed

Twitter

del.icio.us

Cigital Develops Ready-to-Use Tools for Securing the Smart Grid Cigital Inc. announced the release of the Guide to Developing a Cyber Security and Risk Mitigation Plan.

Department of Homeland Security lays down security suggestions Common Weakness Enumeration version 2.0 highlights flaws in software development practices

Metadata Security for SharePoint Adds Security Permissions Titus Metadata Security for SharePoint allows permissions to be assigned based on the recipient's Active Directory properties

Cigital Develops Ready-to-Use Tools for Securing the Smart Grid
Cigital Inc. announced the release of the Guide to Developing a Cyber Security and Risk Mitigation Plan Read More...