Wall Street & Technology: Blog
subscribe April 05, 2007

Do You Need to Obfuscate?

Did you know that when you create an application using Java or .net, anyone can drag and drop that executable to a free decompilation tool such as Reflector (for .net) and then be able to see all the source code behind it? Such examining of code and perhaps reverse engineering can be done for benign reasons – to debug the application, for instance, or to provide better training or support. But sneak-peeking at software code can also be done maliciously, by competitors, disgruntled employees or hackers who want to steal intellectual property or get into a computer system. Obfuscation software inserts additional code into an application to prevent a would-be IP thief or hacker from being able to reverse-engineer the code.

Microsoft bundles a lightweight obfuscator in Visual Studio that it OEMs from PreEmptive Solutions. PreEmptive also offers a heavier-weight, corporate version. The obfuscator notifies a company when its software has been tampered with. According to Sebastian Holst, senior vice-president of PreEmptive, the tamper notification service is like a smoke detector in that it’s inexpensive and easy to use yet it could potentially help you avert catastrophe. The software is priced at $5,000 per build machine; a typical enterprise license is $25,000. Next week, PreEmptive will come out with a “thermostat”: dashboards and benchmarks that keep track of software performance and vulnerabilities.

Is this a vital area that Wall Street firms should be focusing on now? Not quite, according to Joseph Feiman, vice-president and Gartner Fellow. While he feels application security, particularly for web-based applications, is a very important issue for Wall Street this year (we'll be following up on this at a later date), he sees obfuscation as a small subset of the broader application security problem. “As long as companies’ software and their intellectual property stay within the premises, they’re safe,” he says. “Where obfuscation useful is where applications leave the enterprise.” So if a Wall Street firm shares its applications with partners or customers, then it might want to consider obfuscation, as should a company that doesn’t trust its own employees who use sensitive applications.

Posted by Penny Crosman at 05:34 PM



This is a public forum. CMP Media and its affiliates are not responsible for and do not control what is posted herein. CMP Media makes no warranties or guarantees concerning any advice dispensed by its staff members or readers.

Community standards in this comment area do not permit hate language, excessive profanity, or other patently offensive language. Please be aware that all information posted to this comment area becomes the property of CMP Media LLC and may be edited and republished in print or electronic format as outlined in CMP Media's Terms of Service.

Important Note: This comment area is NOT intended for commercial messages or solicitations of business.


Greg MacSweeny Columns

Greg MacSweeney
Overbearing Market Reform Will Only Slow Market Innovation
As investors call for extensive regulatory oversight of certain derivatives, regulators mu...

What You Don’t Know Will Hurt You

Wall Street Changes Are Visible

The Term Web 2.0 Is Fading Away

CHECK THIS OUT

Novell Real Time Linux Webcast Series
In order to succeed, companies must be able to respond quickly, deliver superior value and quality of service, and carefully manage their costs. In this series of brief webcasts, you will learn how SUSE Linux Enterprise Real Time from Novell enables organizations to respond quicker by delivering low latencies, deliver increased value with fast response times, and better manage costs.

Events

Live Events:
Buy-Side Trading Xchange
June 04, 2008

Buy-Side Trading Summit 2008
November 16-18, 2008


Web Events:
2008 Market Mandates and Rich Internet Application Trending for Online Business Banking Channels 2008
May 20, 2008

How Can Financial Firms Build a Better Data Center?
May 29, 2008

Market Trends 2008 and Rich Internet Applications: Online Channels Retirement and Benefits Service Portals
June 03, 2008

Market Trends 2008 - Rich Internet Applications: Next Generation Online Financial Portals in Financial Services
June 04, 2008

Straight Talk About Low-Latency: The Value of a Millisecond
June 19, 2008


White Papers

Level 3 Connectivity Kit
Stay ahead of the bandwidth curve. The Level 3 Connectivity Kit provides full resources to help you make informed decisions regarding your network infrastructure. Download the Data Center Networking Strategies for Financial Services Firms White Paper; Business Class Ethernet: Trends in Perspective eBook and BC/DR Best Practices for the Data-Intensive Enterprise Gartner Webcast

Surviving and Thriving in a Challenging Market
Learn how financial services firms can use customer-centric strategies and tools to maximize client value and loyalty, gain insight into new opportunities, and do more with less, counteracting market volatility.

Marketplace

Career Center


Ready to take that job and shove it?

Function:
Information Technology
Engineering
State:


Keyword(s):

Browse By:
State | City