Wall Street & Technology: Blog
subscribe April 05, 2007

Do You Need to Obfuscate?

Did you know that when you create an application using Java or .net, anyone can drag and drop that executable to a free decompilation tool such as Reflector (for .net) and then be able to see all the source code behind it? Such examining of code and perhaps reverse engineering can be done for benign reasons – to debug the application, for instance, or to provide better training or support. But sneak-peeking at software code can also be done maliciously, by competitors, disgruntled employees or hackers who want to steal intellectual property or get into a computer system. Obfuscation software inserts additional code into an application to prevent a would-be IP thief or hacker from being able to reverse-engineer the code.

Microsoft bundles a lightweight obfuscator in Visual Studio that it OEMs from PreEmptive Solutions. PreEmptive also offers a heavier-weight, corporate version. The obfuscator notifies a company when its software has been tampered with. According to Sebastian Holst, senior vice-president of PreEmptive, the tamper notification service is like a smoke detector in that it’s inexpensive and easy to use yet it could potentially help you avert catastrophe. The software is priced at $5,000 per build machine; a typical enterprise license is $25,000. Next week, PreEmptive will come out with a “thermostat”: dashboards and benchmarks that keep track of software performance and vulnerabilities.

Is this a vital area that Wall Street firms should be focusing on now? Not quite, according to Joseph Feiman, vice-president and Gartner Fellow. While he feels application security, particularly for web-based applications, is a very important issue for Wall Street this year (we'll be following up on this at a later date), he sees obfuscation as a small subset of the broader application security problem. “As long as companies’ software and their intellectual property stay within the premises, they’re safe,” he says. “Where obfuscation useful is where applications leave the enterprise.” So if a Wall Street firm shares its applications with partners or customers, then it might want to consider obfuscation, as should a company that doesn’t trust its own employees who use sensitive applications.

Posted by Penny Crosman at 05:34 PM



This is a public forum. CMP Media and its affiliates are not responsible for and do not control what is posted herein. CMP Media makes no warranties or guarantees concerning any advice dispensed by its staff members or readers.

Community standards in this comment area do not permit hate language, excessive profanity, or other patently offensive language. Please be aware that all information posted to this comment area becomes the property of CMP Media LLC and may be edited and republished in print or electronic format as outlined in CMP Media's Terms of Service.

Important Note: This comment area is NOT intended for commercial messages or solicitations of business.


CHECK THIS OUT

Make your organization more efficient and customer focused. Visit the Transaction Lifecycle Management Site today!


Featured White Paper
Grupo Santander Uses TLM Reconciliations to Reduce Operational Risk, Boost Efficiency

Events

Live Events:
Advanced Trading's Buy-Side Trading Summit
November 15 - 17, 2009


Marketplace

Career Center


Ready to take that job and shove it?

Function:
Information Technology
Engineering
State:


Keyword(s):

Browse By:
State | City

Techweb
Informationweek Business Technology Network
InformationweekInformationweek 500Informationweek 500 ConferenceInformationweek AnalyticsInformationweek Events
Informationweek MagazineGlobal CIOIWK Government ITbMightyByte and SwitchDark Reading
Digital LibraryIntelligent EnterpriseInternet EvolutionNetwork ComputingPlug Into The CloudDr. DobbsContentinople
space
TechWeb Events Network
InteropVoiceConWeb 2.0 ExpoWeb 2.0 SummitEnterprise 2.0Mobile Business ExpoNoJitter
Black HatGTECEnergy CampCloud ConnectEnterprise Cloud SummitCloud Summit ExecutiveGov 2.0 ExpoGov 2.0 Summit
space
Light Reading Communications Network
Light ReadingLight Reading AsiaUnstrungCable Digital NewsInternet EvolutionPyramid Research
Heavy ReadingLight Reading LiveLight Reading InsiderEthrnet ExpoTelco TVTower Technology Summit
space
Financial Technology Network
Advanced TradingBank Systems and TechnologyInsurance and TechnologyWall Street and TechnologyAccelerating WallstreetBST SummitBuyside Trading SummitIT Summit
space
Microsoft Technology Network
MSDNTechNetTotal IT ProTotal Dev ProTotal IT Pro CommunityTotal Dev Pro Community
space