Impact of piracy on innovation at software firms and implications for piracy policy

In this paper, we look at how innovation in the presence of piracy is affected by the policy choice of alliances such as the Business Software Alliance (BSA). Surprisingly, we find that a stricter piracy policy, that increases the perceived cost to using pirated software for end-users, may in some cases lead to an increase in piracy, and a decrease in product quality. The implication for a social planner is that in a monopoly market, an increase in the policy variable, could act as a disincentive for innovation. In a competitive market an increase in the policy variable provides an incentive for innovation.     

Optimal software pricing in the presence of piracy and word-of-mouth effect

We develop an analytical model that embeds empirical findings on software diffusion to examine optimal pricing strategies for a spreadsheet software product under coalescing effects of piracy and word-of-mouth through its entire life cycle. We find that the demand of the innovators has the most significant impact on the firm's pricing decision. Our research recommends market skimming pricing strategy if innovators' demand is high and the market penetration pricing strategy is preferred otherwise. Surprisingly, the increase of conversion rate of imitators to buyers never significantly alters the pricing strategy pre-determined by the demand of innovators. Most interestingly, the optimal profit from instituting a two prices policy for a software product with five years lifespan outperforms that from a one price policy by no more than 4%, a finding that corroborates the common one price policy observed in reality.     

An empirical analysis of the impact of software development problem factors on software maintainability

Many problem factors in the software development phase affect the maintainability of the delivered software systems. Therefore, understanding software development problem factors can help in not only reducing the incidence of project failure but can also ensure software maintainability. This study focuses on those software development problem factors which may possibly affect software maintainability. Twenty-five problem factors were classified into five dimensions; a questionnaire was designed and 137 software projects were surveyed. A K-means cluster analysis was performed to classify the projects into three groups of low, medium and high maintainability projects. For projects which had a higher level of severity of problem factors, the influence on software maintainability becomes more obvious. The influence of software process improvement (SPI) on project problems and the associated software maintainability was also examined in this study. Results suggest that SPI can help reduce the level of severity of the documentation quality and process management problems, and is only likely to enhance software maintainability to a medium level. Finally, the top 10 list of higher-severity software development problem factors was identified, and implications were discussed.     

Software watermarking via opaque predicates: Implementation,analysis, and attacks

Within the software industry software piracy is a great concern. In this article we address this issue through a prevention technique called software watermarking. Depending on how a software watermark is applied it can be used to discourage piracy; as proof of authorship or purchase; or to track the source of the illegal redistribution. In particular we analyze an algorithm originally proposed by Geneviève Arboit in A Method for Watermarking Java Programs via Opaque Predicates. This watermarking technique embeds the watermark by adding opaque predicates to the application. We have found that the Arboit technique does withstand some forms of attack and has a respectable data-rate. However, it is susceptible to a variety of distortive attacks. One unanswered question in the area of software watermarking is whether dynamic algorithms are inherently more resilient to attacks than static algorithms. We have implemented and empirically evaluated both static and dynamic versions within the SandMark framework. This work is supported by the NSF under grant CCR-0073483, by the AFRL under contract F33615-02-C-1146, and the GAANN Fellowship. Ginger Myles is currently a research scientist at IBM’s Almaden Research Center and is finishing her Ph.D. degree in computer science at the University of Arizona. She received a B.A. in mathematics from Beloit College in Beloit, Wisconsin and an M.S. in computer science from the University of Arizona. Her research focuses on all aspects of content protection. Christian Collberg received his PhD from the Department of Computer Science at the University of Lund, Sweden, after which he was on the faculty at the University of Auckland, New Zealand. He is currently an Associate Professor at the University of Arizona. His primary research area is the protection of software from reverse engineering, tampering, and piracy. In particular, the SandMark tool (sandmark.cs.arizona.edu) developed at the University of Arizona is the premier tool for the study of software protection algorithms.     

A primer on software piracy cases in the courts

As with much technological change, the law and judicial system have lagged behind in adapting to the changing world of computer and software development. Changes in software development have created new classes of criminals and contract violators, and new theories and techniques to catch them. This paper discusses the fate of one breed of computer criminal, the software pirate, before the courts.Software piracy is a relatively recent type of computer crime because software development or engineering is no longer a custom design operation for particular organizations on particular computers. Software is now being produced for mass consumption and the ‘generic’ software package is not far off. Software packages may be very valuable even though they may be stored in a compact place, (like jewelry or money) such as on a microprocessor chip or a floppy disk. Software packages may vary in price from tens of dollars to millions of dollors. As with the related and booming practice of video disk piracy, it is often easy to make multiple copies of software for a miniscule fraction of the average original development cost.Despite the widely acknowledged existence of widespread software piracy, there have been very few cases reaching the civil courts and nearly none before the criminal courts. There are several explanations: few pirates are caught, few owners of software are willing or able to press a claim in court, most cases are settled out of court, and perhaps there is not so much software piracy after all; or a combination of all of them.This paper does not try to answer the question of why there are so few cases. Instead, it presents the bare facts from the existing cases and categorizes the source of the piracy, i.e. how did the pirate or alleged pirate come to possess the software in the first instance and what happened to him or her.The presentation of cases here is not complete, for the legal reporting systems are also not up-to-date. Indeed, the phrase, “software piracy” does not appear in legal reports' indices, nor legal dictionaries. More research is needed, but the patterns found in the 31 cases here will probably continue as the sample increases. From such patterns, software owners and legal practitioners can better see what they are up against.     

A reversed context analysis of software piracy issues in Singapore

The level of software piracy and reasons underlying the behavior among students in Singapore was investigated using the reversed context analysis previously used by Moores and Dhillon in a study of Hong Kong. This technique presented the respondents with a set of context statements that describe the buying and using of pirated software in terms of high availability, high cost, and low censure. The contexts were reversed (low availability, low cost, high censure) in order to determine whether targeting one or more of these reasons would lead the respondents to stop the behavior. The same instrument was used here with a sample of 462 students. The results showed general agreement with those of the Hong Kong study, although the level of pirating behavior was lower, with a weaker switch from agreement to disagreement when the context involved cost. A closer examination of the respondents revealed a set of respondents that frequently bought and used pirated software and seemed resistant to any of the reversed scenarios. This suggests that even in culturally similar markets different approaches may be required to combat software piracy.     

计算机网络安全防护问题及其策略

随着信息时代的到来,计算网络在给人们的生产生活带来便利的同时,也面临着较多不安全因素.因计算机网络安全涉及军事、经济、文教等诸多领域,因此,加强计算机网络安全防护内容的研究,对确保国家信息安全具有重要意义.本文对计算机网络安全防护问题进行分析,并以此为基础提出应对策略,为我国计算机网络的安全运行提供参考.     

A study of the effects of three commonly used software engineering strategies on software enhancement productivity

The results of a study of software enhancement projects involving identical information requirements are reported. A sample drawn from the 200 largest commercial banks in the United States was examined to determine the levels of programming, systems analysis, and project management effort necessary to implement interest reporting requirements of the U.S. Tax Equity and Fiscal Responsibility Act (TEFRA) of 1982. Results of the study indicate that firms using structured systems design and programming techniques expended twice as much effort to implement the TEFRA requirements as those using non-structured approaches. It was also found that firms purchasing software expended nearly the same amount of effort as those using traditional systems analysis and programming techniques.     

A critical review of proprietary software protection

The purpose of this paper is to delineate primarily the present state of U.S. patents, copyright and trade secrets to the area of computer software. These three areas were chosen because the protection afforded by them is the greatest and because the application of these laws is pretty much unique as applied to software. A brief mention will be given to the law of contracts (contractual agreements), but an analysis of this area is not required because the application of the law of contracts to software is not unique. The paper ends with a brief look at the Doctrine of Unfair Competition, ethical considerations and finally presenting various proposals that have been made to help rectify the problem of proprietary software protection.     

The evaluation of software systems' structure using quantitative software metrics

The design and analysis of the structure of software systems has typically been based on purely qualitative grounds. In this paper we report on our positive experience with a set of quantitative measures of software structure. These metrics, based on the number of possible paths of information flow through a given component, were used to evaluate the design and implementation of a software system (the UNIX operating system kernel) which exhibits the interconnectivity of components typical of large-scale software systems. Several examples are presented which show the power of this technique in locating a variety of both design and implementation defects. Suggested repairs, which agree with the commonly accepted principles of structured design and programming, are presented. The effect of these alterations on the structure of the system and the quantitative measurements of that structure lead to a convincing validation of the utility of information flow metrics.     

An approach to analyzing the software process change impact using process slicing and simulation

When a software process is changed, a project manager needs to perform two types of change impact analysis activities: one for identifying the affected elements of a software process which is affected by the change and the other for analyzing the quantitative impact of the change on the project performance. We propose an approach to obtain the affected elements of a software process using process slicing and developing a simulation model based on the affected elements to quantitatively analyzing the change using simulation. We suggest process slicing to obtain the elements affected by the change. Process slicing identifies the affected elements of a software process using a process dependency model. The process dependency model contains activity control dependencies, artifact information dependencies, and role replacement dependencies. We also suggest transformation algorithms to automatically derive the simulation model from the process model containing the affected elements. The quantitative analysis can be performed by simulating the simulation model. In addition, we provide the tool to support our approach. We perform a case study to validate the usefulness of our approach. The result of the case study shows that our approach can reduce the effort to identify the elements affected by changes and examine alternatives for the project.     

Reducing software requirement perception gaps through coordination mechanisms

Users and information system professionals view the world differently. This perception difference leads to an inability to fully define the information requirements of a new system. Practitioners understand this difficulty and look for solid approaches to address the problem. A model is developed that links coordination mechanisms and project partnering practices to perception gaps and project success. The premise is to use the model to confirm the expected relationships and examine coordination practices in particular for effectiveness in promoting common understanding. Survey results from information system project professionals indicate that the managerial interventions of coordination and partnering are successful in reducing the perception gaps and improving project performance. Prior research had not established a link. The results support the principle that organizations must install specific coordination techniques and implement partnering procedures prior to the commencement of project activities.     

From integration to composition: On the impact of software product lines, global development and ecosystems

Three trends accelerate the increase in complexity of large-scale software development, i.e. software product lines, global development and software ecosystems. For the case study companies we studied, these trends caused several problems, which are organized around architecture, process and organization, and the problems are related to the efficiency and effectiveness of software development as these companies used too integration-centric approaches. We present five approaches to software development, organized from integration-centric to composition-oriented and describe the areas of applicability.     

The changing industry structure of software development for consumer electronics and its consequences for software architectures

During the last decade the structure of the consumer electronics industry has been changing profoundly. Current consumer electronics products are built using components from a large variety of specialized firms, whereas previously each product was developed by a single, vertically integrated company. Taking a software development perspective, we analyze the transition in the consumer electronics industry using case studies from digital televisions and mobile phones. We introduce a model consisting of five industry structure types and describe the forces that govern the transition between types and we describe the consequences for software architectures.We conclude that, at this point in time, software supply chains are the dominant industry structure for developing consumer electronics products. This is because the modularization of the architecture is limited, due to the lack of industry-wide standards and because resource constrained devices require variants of supplied software that are optimized for different hardware configurations. Due to these characteristics open ecosystems have not been widely adopted. The model and forces can serve the decision making process for individual companies that consider the transition to a different type of industry structure as well as provide a framework for researchers studying the software-intensive industries.     

A framework for secure execution of software

The protection of software applications is one of the most important problems to solve in information security because it has a crucial effect on other security issues. We can find in the literature many research initiatives that have tried to solve this problem, many of them based on the use of tamperproof hardware tokens. This type of solution depends on two basic premises: (i) increasing the physical security by using tamperproof devices and (ii) increasing the complexity of the analysis of the software. The first premise is reasonable. The second one is certainly related to the first one. In fact, its main goal is that the pirate user not be able to modify the software to bypass an operation that is crucial: checking the presence of the token. However, experience shows that the second premise is not realistic because analysis of the executable code is always possible. Moreover, the techniques used to obstruct the analysis process are not enough to discourage an attacker with average resources.In this paper, we review the most relevant works related to software protection, present a taxonomy of those works, and, most important, introduce a new and robust software protection scheme. This solution, called SmartProt, is based on the use of smart cards and cryptographic techniques, and its security relies only on the first of the premises given above; that is, SmartProt has been designed to avoid attacks based on code analysis and software modification. The entire system is described following a lifecycle approach, explaining in detail the card setup, production, authorization, and execution phases. We also present some interesting applications of SmartProt as well as the protocols developed to manage licences. Finally, we provide an analysis of its implementation details.     

Risk analysis of software process measurements

Quantitative process management (QPM) and causal analysis and resolution (CAR) are requirements of capability maturity model (CMM) levels 4 and 5, respectively. They indicate the necessity of process improvement based on objective evidence obtained from statistical analysis of metrics. However, it is difficult to achieve these requirements in practice, and only a few companies have done so successfully. Evidence-based risk-management methods have been proposed for the control of software processes, but are not fully appreciated, compared to clinical practice in medicine. Furthermore, there is no convincing answer as to why these methods are difficult to incorporate in software processes, despite the fact that they are well established in some business enterprises and industries. In this article, we challenge this issue, point out a problem peculiar to software processes, and develop a generally applicable method for identifying the risk of failure for a project in its early stages. The proposed method is based on statistical analyses of process measurements collected continuously throughout a project by a risk assessment and tracking system (RATS). Although this method may be directly applicable to only a limited number of process types, the fundamental idea might be useful for a broader range of applications.

软件知识产权的保护与技术进步

本文对软件知识产权和软件知识产权的保护进行了介绍,阐述了软件知识产权的保护对我国国民 经济建设的重要性,论述了软件知识产权保护与技术进步之间的互动关系。     

Analysis of software bug causes and its prevention

In our software development group we have faced difficulties in improving software quality. In order to find the causes of this problem we have analyzed software bugs that were found in the credit authorization terminal software that our group developed, and found the real causes of the bug. As a result, it was found that about 50% of the real causes were made by the designer's carelessness. Based on this finding, guidelines were established to improve the designers’ behavior. Furthermore, we made clear the causes of software bugs, the phase in which they were made, the relation between the software bugs and their real causes. We also made the measures to prevent the software bugs and implemented them. And we refer to the effect that the substantial amount of software bugs can be decreased by the implementation.     

基于RSA算法的注册码软件加密保护

提出了在注册码软件加密保护基础上的一套完整软件保护方案,方案中采用了“一机一码”制,运用密码学中成熟的非对称算法RSA(R ivest Sham ir Adelman)进行加密处理,并且以数据库的形式进行密钥管理,通过这一系列手段更好地防止了非法注册码的传播和非法注册机的制作。最后在基于VC++6.0的开发平台上实现了该软件保护方案。