Gartner Report Defines New “Cyberthreat” Category
The threat of reverse engineering, piracy, and subsequent theft of Intellectual
Property (IP) resident within software is a widespread problem for independent software
vendors (ISVs) and application providers. Because the enforcement of IP laws is
weak in emerging markets, the risk of these threats is even higher there. However, software
vendors have taken only minimal steps to deter reverse engineering threats.
Gartner, in its September 13, 2006 report “Hype Cycle for Cyberthreats, 2006” (Amrit
T. Williams, et al., Gartner ID Number G00142056), identifies Enterprise Code Reverse
Engineering as an emerging cyberthreat. The report is based on the premise that
“hobby-based malware and cybervandalism still threaten our IT assets, but financially
motivated and targeted cyber attacks against increasingly complex and externalized
IT environments can result in higher damage potential.”
The report goes on to describe “Enterprise Code Reverse Engineering” as the “reverse
engineering of enterprise application code for the purposes of targeting vulnerabilities
or stealing intellectual property.” Although this threat is considered to be in
the early stage of the hype cycle for enterprise organizations, V.i. Labs believes
the threat itself is nothing new for ISVs.
“Although a relatively new threat for enterprise environments, reverse engineering
application software has been well known to ISVs with respect to software piracy,”
said Victor DeMarines, V.i. Labs’ Director of Product Management and Marketing.
“For years, the cracking community has been using reverse engineering tactics to
unwrap software protection and bypass software licensing systems that are integrated
within high value software.”
Enterprise Code Reverse Engineering is an emerging threat for enterprise organizations.
V.i. Labs believes that the reverse engineering tools and hacker expertise, which
have had years of practice cracking ISV software license mechanisms, will pose a formidable
threat to sensitive applications being deployed within and outside the enterprise.
V.i. Labs agrees that both enterprises and ISVs must explore technologies
to protect against Enterprise Code Reverse Engineering. It also strongly recommends that,
although revenue losses resulting from software piracy are difficult to quantify
precisely, organizations establish a benchmark for measuring the effectiveness
of anti-piracy tactics by comparing the revenue performance of major product releases.
Understanding specific threats and where they are in their life cycle can help organizations
identify and implement appropriate measures of protection.