COMMENTARY

4 steps to securing your software and protecting your IP

Our world today runs mostly on software. At the heart of any software product is its source code: a sort of digital genome that defines its properties and how it functions. Source code is the key to nearly every technology solution and innovation. It is also intellectual property and the primary source of the product’s value.

New policies and procedures enacted by foreign governments in the last year force an alarming quid pro quo on technology vendors: “Permission to sell your software in our country depends on your willingness to let us inspect its source code.” These “inspections” are positioned as necessary by the importing country to ensure the software is secure and controllable.

This new trading condition poses a Faustian bargain to technology vendors, where the soul of an innovation is exchanged for a market opportunity. We can be certain the devil will have his due. Access to source code lets foreign governments plant back doors into those products. Later, those same actors can hack those products for nefarious purposes after they’re sold on the open market.

It is also an invitation to IP theft disguised as a security measure.

We don’t yet know how this is going to play out. We only know that we’re going to need the technology industry, policy makers, and trade representatives from all countries involved to come together and develop an international consensus on ways to address this problem.

In the meantime, vendors and users of technology and telecommunications solutions can take steps to reduce their risks when they trade source code access for market access:

  1. Double down on security protections.

Ensure security is embedded within the software product end-to-end; prioritize and deploy a layered security approach to help protect the endpoint(s), network and data/application. Users and vendors should work together and complete the latest software updates and security fixes as rapidly as possible. Network security controls, data encryption, identity and access management and other partitioning can help minimize exposure of vulnerabilities to adversaries.

  1. Integrate new protective measures.

Technology vendors routinely customize their offers for foreign markets. That’s an opportunity to add capabilities that protect source code from exploitation. These might include: capabilities that help ensure the integrity of the software and updates; features to detect intrusion attempts into or through the platform; and locking down certain features that too easily introduce vulnerabilities.

  1. Create custom settings on cybersecurity detection and management software tools.

This can include threat monitoring and policy settings that can help detect and defeat intrusion attempts.

  1. Choose open source.

Vendors should use an open source model to develop products and platforms. It’s a “wisdom-of-the-crowd” approach to development that can help reduce exposure to vulnerabilities.

About the Author

Jill Singer is vice president for national security ats AT&T Public Sector. Her prior leadership roles include serving as CIO of the U.S. National Reconnaissance Office and as the former deputy CIO of the U.S. Central Intelligence Agency.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here
close

Trending

  • Dive into our Contract Award database

    In an exclusive for WT Insider members, we are collecting all of the contract awards we cover into a database that you can sort by contractor, agency, value and other parameters. You can also download it into a spreadsheet. Our databases track awards back to 2013. Read More

  • Navigating the trends and issues of 2016 Nick Wakeman

    In our latest WT Insider Report, we pull together our best advice, insights and reporting on the trends and issues that will shape the market in 2016 and beyond. Read More

contracts DB

Washington Technology Daily

Sign up for our newsletter.

I agree to this site's Privacy Policy.