Vulnerabilities / Threats
5/18/2011
11:04 AM
Connect Directly
RSS
E-Mail
50%
50%

Schwartz On Security: Developers Battle Piracy Channels

Business Software Alliance report finds widespread software piracy, but experts say market pressures are to blame.

What's the best way for software developers to deal with piracy?

That question is pertinent given last week's release of the 2010 BSA Global Software Piracy Study, which was commissioned by the Business Software Alliance, a trade organization, and conducted by market researcher IDC and Ipsos Public Affairs, a public opinion research firm.

According to the study, which looked at software-usage practices in 116 countries, "the commercial value of software piracy grew 14% globally last year to a record total of $58.8 billion." Given the BSA's members, which include Adobe, Apple, Microsoft, and Symantec, the pirated software in question likely refers largely to personal and productivity applications.

Interestingly, the BSA report found that the most prevalent form of piracy wasn't bootleg copies sold from markets or applications procured via peer-to-peer networks. "The most common way people in developing economies engage in piracy is to buy a single copy of software and install it on multiple computers--including in offices," said the report. "Most PC users believe this practice is legal at home (57% in developing economies and 63% in mature economies), and about half believe it is legal at work (51% in developing economies, 47% overall)."

What's the best way for software vendors to target this lost revenue? For starters, it helps to see software piracy from the standpoint of a consumer--paid up or otherwise. That's because according to a study released earlier this year, which was backed by Canada's Social Science Research Council, "piracy is chiefly a product of a market failure, not a legal one." In other words, piracy most often occurs when people have difficulty procuring legitimate copies of software, or face few legal disincentives.

"The mentality in certain geographies is one of 'we will use it until we are caught,'" Victor DeMarines, VP of products for V.i. Labs, which develops piracy detection and business intelligence tools for independent software vendors (ISVs), said in a telephone interview. "ISVs must realize they are competing with piracy channels as an effective distribution for any type of software, including high-value applications."

Suspecting or knowing there's a problem, however, is only part of the challenge. Indeed, a vendor may suspect that its software is the de facto standard for a region, but won't have the licensees to show for it--"similar to the early days of Autodesk [and its] CEO referencing that 95% of China uses AutoCAD, but we only have one paid license," said DeMarines.

To address that situation, software vendors can increase their distribution, sales team, or legal presence in the target country. In addition, large organizations often have the BSA or existing legal relationships at their disposal, and an amnesty or anti-piracy program that converts pirated software users into paying customers, even for a license fee of a few dollars, can mean a few million dollars in additional revenue.

But such economies and backing, not to mention organizational growth, aren't always available to smaller software vendors, and in some countries, they may simply be out of luck. "Take China. In Hong Kong, you might have better luck. In Taiwan, there are processes there you can manage. Whereas in China, it's all about how much presence you have in the country that will dictate the success you have in the country," said DeMarines. In other words, unless you're a large software vendor, think twice before pursuing piracy in some countries, such as China.

On the other hand, mature markets also offer potential sources of new revenue. For example, according to the BSA report, the United States shares--with Japan and Luxembourg--the lowest level of software piracy per country, at 20%. But the sheer volume of U.S. users means that the BSA ranks the United States as tops in the overall consumption of pirated PC software. All told, people in the United States used an estimated $9.5 billion in pirated software in 2010, followed by China ($7.8 billion) and Russia ($2.8 billion).

As those piracy levels suggest, at least for smaller U.S. software vendors, turning nonpaying consumers into paid users is a project that may best start close to home.


In the new, all-digital issue of InformationWeek: Our 2011 Strategic Security Survey shows increased executive interest in security. Here's what you should do next. Download it now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-3304
Published: 2014-10-30
Directory traversal vulnerability in Dell EqualLogic PS4000 with firmware 6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI.

CVE-2013-7409
Published: 2014-10-30
Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .m3u (playlist) file.

CVE-2014-3446
Published: 2014-10-30
SQL injection vulnerability in wcm/system/pages/admin/getnode.aspx in BSS Continuity CMS 4.2.22640.0 allows remote attackers to execute arbitrary SQL commands via the nodeid parameter.

CVE-2014-3584
Published: 2014-10-30
The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted SAML token in the authorization header of a request to a JAX-RS service.

CVE-2014-3623
Published: 2014-10-30
Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vect...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.