Imagine who might attempt to defeat the security of your software. Is it a software pirate? An information thief? A temporary worker for whom no background check was performed? A competitor after company secrets? A vandal? Write a one- or two-sentence biography of each. One at a time, imagine that you are them. How would you attack your software?
Look for mention of your software and your competitor's software in the hacker Usenet groups. Are there serial number generators, or cracks, available? Are people asking for them?
Ask yourself what is the worst that can happen. Imagine the worst-case scenarios. Try to put a dollar value on the damage that can be done, and try to estimate the likelihood that the worst case will come to pass. If there's a high likelihood of very expensive damage, it's time to increase your security efforts.
Using at least five typical installations of your software, create a picture of how your customers secure your system. How do they manage access to your system? Can you help your customers improve security? How are other elements of your system managed? Even if your application is secure, there may be other routes to your data through third-party tools, and hackers can exploit them.
How secure are the components you've licensed?
About Ron Lunde
Ron Lunde is an amateur orchid grower, a humorist, and an inventor of strange and typically useless things, who is currently employed as a system architect for Aladdin Knowledge Systems. He has 19 years of software development experience as a software architect, a software manager, or a senior engineer in electronic software distribution and license management, digital video editing, source-level debuggers for in-circuit emulation, and automatic ASIC and circuit board test generation. He has also consulted in many other areas.