Vulnerabilities / Threats
5/18/2011
11:04 AM
50%
50%

Schwartz On Security: Developers Battle Piracy Channels

Business Software Alliance report finds widespread software piracy, but experts say market pressures are to blame.

What's the best way for software developers to deal with piracy?

That question is pertinent given last week's release of the 2010 BSA Global Software Piracy Study, which was commissioned by the Business Software Alliance, a trade organization, and conducted by market researcher IDC and Ipsos Public Affairs, a public opinion research firm.

According to the study, which looked at software-usage practices in 116 countries, "the commercial value of software piracy grew 14% globally last year to a record total of $58.8 billion." Given the BSA's members, which include Adobe, Apple, Microsoft, and Symantec, the pirated software in question likely refers largely to personal and productivity applications.

Interestingly, the BSA report found that the most prevalent form of piracy wasn't bootleg copies sold from markets or applications procured via peer-to-peer networks. "The most common way people in developing economies engage in piracy is to buy a single copy of software and install it on multiple computers--including in offices," said the report. "Most PC users believe this practice is legal at home (57% in developing economies and 63% in mature economies), and about half believe it is legal at work (51% in developing economies, 47% overall)."

What's the best way for software vendors to target this lost revenue? For starters, it helps to see software piracy from the standpoint of a consumer--paid up or otherwise. That's because according to a study released earlier this year, which was backed by Canada's Social Science Research Council, "piracy is chiefly a product of a market failure, not a legal one." In other words, piracy most often occurs when people have difficulty procuring legitimate copies of software, or face few legal disincentives.

"The mentality in certain geographies is one of 'we will use it until we are caught,'" Victor DeMarines, VP of products for V.i. Labs, which develops piracy detection and business intelligence tools for independent software vendors (ISVs), said in a telephone interview. "ISVs must realize they are competing with piracy channels as an effective distribution for any type of software, including high-value applications."

Suspecting or knowing there's a problem, however, is only part of the challenge. Indeed, a vendor may suspect that its software is the de facto standard for a region, but won't have the licensees to show for it--"similar to the early days of Autodesk [and its] CEO referencing that 95% of China uses AutoCAD, but we only have one paid license," said DeMarines.

To address that situation, software vendors can increase their distribution, sales team, or legal presence in the target country. In addition, large organizations often have the BSA or existing legal relationships at their disposal, and an amnesty or anti-piracy program that converts pirated software users into paying customers, even for a license fee of a few dollars, can mean a few million dollars in additional revenue.

But such economies and backing, not to mention organizational growth, aren't always available to smaller software vendors, and in some countries, they may simply be out of luck. "Take China. In Hong Kong, you might have better luck. In Taiwan, there are processes there you can manage. Whereas in China, it's all about how much presence you have in the country that will dictate the success you have in the country," said DeMarines. In other words, unless you're a large software vendor, think twice before pursuing piracy in some countries, such as China.

On the other hand, mature markets also offer potential sources of new revenue. For example, according to the BSA report, the United States shares--with Japan and Luxembourg--the lowest level of software piracy per country, at 20%. But the sheer volume of U.S. users means that the BSA ranks the United States as tops in the overall consumption of pirated PC software. All told, people in the United States used an estimated $9.5 billion in pirated software in 2010, followed by China ($7.8 billion) and Russia ($2.8 billion).

As those piracy levels suggest, at least for smaller U.S. software vendors, turning nonpaying consumers into paid users is a project that may best start close to home.


In the new, all-digital issue of InformationWeek: Our 2011 Strategic Security Survey shows increased executive interest in security. Here's what you should do next. Download it now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6501
Published: 2015-03-30
The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /tmp directory, which makes it easier for local users to conduct WSDL injection attacks by creating a file under /tmp with a predictable filename that is used by the get_s...

CVE-2014-9209
Published: 2015-03-30
Untrusted search path vulnerability in the Clean Utility application in Rockwell Automation FactoryTalk Services Platform before 2.71.00 and FactoryTalk View Studio 8.00.00 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.

CVE-2014-9652
Published: 2015-03-30
The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote atta...

CVE-2014-9653
Published: 2015-03-30
readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory ...

CVE-2014-9705
Published: 2015-03-30
Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries.

Dark Reading Radio
Archived Dark Reading Radio
Good hackers--aka security researchers--are worried about the possible legal and professional ramifications of President Obama's new proposed crackdown on cyber criminals.