Most Read
- Merrill Lynch Speeds Up Application Development
- How the NYSE Achieves Low Latency
- Buy Side Seeks Independent Valuation Providers for OTC Derivatives After Credit Crisis
- The Low-Latency Race
- Getting That Single Version of the Truth on Wall Street
- SR Labs Unveils Low Latency OMS with Market Data
- Is Wall Street Ready for the iPhone?
- The OMS Dilemma: Speed vs. Intelligence
April 05, 2007
Do You Need to Obfuscate?
Did you know that when you create an application using Java or .net, anyone can drag and drop that executable to a free decompilation tool such as Reflector (for .net) and then be able to see all the source code behind it? Such examining of code and perhaps reverse engineering can be done for benign reasons – to debug the application, for instance, or to provide better training or support. But sneak-peeking at software code can also be done maliciously, by competitors, disgruntled employees or hackers who want to steal intellectual property or get into a computer system. Obfuscation software inserts additional code into an application to prevent a would-be IP thief or hacker from being able to reverse-engineer the code.
Microsoft bundles a lightweight obfuscator in Visual Studio that it OEMs from PreEmptive Solutions. PreEmptive also offers a heavier-weight, corporate version. The obfuscator notifies a company when its software has been tampered with. According to Sebastian Holst, senior vice-president of PreEmptive, the tamper notification service is like a smoke detector in that it’s inexpensive and easy to use yet it could potentially help you avert catastrophe. The software is priced at $5,000 per build machine; a typical enterprise license is $25,000. Next week, PreEmptive will come out with a “thermostat”: dashboards and benchmarks that keep track of software performance and vulnerabilities.
Is this a vital area that Wall Street firms should be focusing on now? Not quite, according to Joseph Feiman, vice-president and Gartner Fellow. While he feels application security, particularly for web-based applications, is a very important issue for Wall Street this year (we'll be following up on this at a later date), he sees obfuscation as a small subset of the broader application security problem. “As long as companies’ software and their intellectual property stay within the premises, they’re safe,” he says. “Where obfuscation useful is where applications leave the enterprise.” So if a Wall Street firm shares its applications with partners or customers, then it might want to consider obfuscation, as should a company that doesn’t trust its own employees who use sensitive applications.
Posted by Penny Crosman at 05:34 PM
This is a public forum. CMP Media and its affiliates are not responsible for and do not control what is posted herein. CMP Media makes no warranties or guarantees concerning any advice dispensed by its staff members or readers.
Community standards in this comment area do not permit hate language, excessive profanity, or other patently offensive language. Please be aware that all information posted to this comment area becomes the property of CMP Media LLC and may be edited and republished in print or electronic format as outlined in CMP Media's Terms of Service.
Important Note: This comment area is NOT intended for commercial messages or solicitations of business.
Greg MacSweeny Columns
Greg MacSweeneyOverbearing Market Reform Will Only Slow Market Innovation
As investors call for extensive regulatory oversight of certain derivatives, regulators mu...
What You Don’t Know Will Hurt You
Larry Tabb Columns
Larry TabbOpportunities Beckon Amid Economic Turmoil
A shaky economy and the defibrillation of many fixed-income products provide fertile groun...
NYSE TransactTools May Be NYSE Euronext’s Most Important Asset
CHECK THIS OUTNovell Real Time Linux Webcast SeriesIn order to succeed, companies must be able to respond quickly, deliver superior value and quality of service, and carefully manage their costs. In this series of brief webcasts, you will learn how SUSE Linux Enterprise Real Time from Novell enables organizations to respond quicker by delivering low latencies, deliver increased value with fast response times, and better manage costs. |
EventsLive Events:Buy-Side Trading Xchange June 04, 2008  Buy-Side Trading Summit 2008 November 16-18, 2008 Web Events: 2008 Market Mandates and Rich Internet Application Trending for Online Business Banking Channels 2008 May 20, 2008 How Can Financial Firms Build a Better Data Center? May 29, 2008 Market Trends 2008 and Rich Internet Applications: Online Channels Retirement and Benefits Service Portals June 03, 2008 Market Trends 2008 - Rich Internet Applications: Next Generation Online Financial Portals in Financial Services June 04, 2008 Straight Talk About Low-Latency: The Value of a Millisecond June 19, 2008 |
White PapersLevel 3 Connectivity KitStay ahead of the bandwidth curve. The Level 3 Connectivity Kit provides full resources to help you make informed decisions regarding your network infrastructure. Download the Data Center Networking Strategies for Financial Services Firms White Paper; Business Class Ethernet: Trends in Perspective eBook and BC/DR Best Practices for the Data-Intensive Enterprise Gartner Webcast Surviving and Thriving in a Challenging Market Learn how financial services firms can use customer-centric strategies and tools to maximize client value and loyalty, gain insight into new opportunities, and do more with less, counteracting market volatility. |
Marketplace |
Career CenterReady to take that job and shove it?
|
Most Recent Job Posts:
* Tower Hill insurance Group, Inc. seeking Programmer in Gainesville, FL
* CAST Software, Inc. seeking Senior Pre-Sales Engineer in Chicago, IL * Broadcom seeking Principal Software Engineer in Irvine, CA * ITT Corporation seeking Senior Program Manager in Fort Wayne, IN * Tower Hill insurance Group seeking Help Desk Director/AVP in Gainesville, FL For more tech jobs in the industry, visit Wall Street & Technology's Career Portal. |
