DTSA and Software Reverse Engineering

The Defend Trade Secrets Act (DTSA) makes it “open season” on Reverse Engineering

The Commission on the Theft of American Intellectual Property reports that the theft of trade secrets costs the economy more than $300 billion a year. …and valuable and sensitive software is very transportable and vulnerable.

The recently signed Defend Trade Secrets Act (DTSA) creates a clear path to enforce trade secret rights in federal court. It applies to secret information that has been “acquired through Improper Means”. However, it states that Improper Means excludes “reverse engineering, independent derivation, or any other lawful means of acquisition.” The European Union is also passing a “harmonizing” set of legislation so all of this generally should apply to the EU as well. In addition, Germany’s laws are a bit clearer, “according to German case-law, reverse engineering may be unlawful if it requires a significant investment in workforce or technology to reverse engineer a product.” 

Companies that create valuable software work to protect source code (and lessen the risk of reverse engineering). Keeping source code under control is relatively easy, but not letting it be obtained from reverse engineered can be difficult. It is common knowledge that with freely available tools, many applications (especially ones written in Java or .NET) can be turned back into source code.

Using application hardening and obfuscation tools, it is possible

  1. To keep your code a secret in the first place by thwarting reverse engineering tools and making reverse engineering much harder even for skilled hackers.
  2. To show that you (the trade secret holder) took “reasonable” precautions to protect your IP and strengthen claims of theft and misappropriation.

Not every application needs protection against reverse engineering and tampering. Here is starter checklist:

  • Does the application have a new or interesting way it is solving a problem or providing value?
  • Does the application have access to sensitive data?
  • Is the application running outside your firewall?
  • Does the application generate revenue?
  • Could the application be easily run outside your country?

If answer to one or more of these is yes, applying protection to your application might be appropriate.

Other than yourself, nobody cares more about protecting your code then PreEmptive does. We have been protecting applications for almost 20 years. If you want to protect your applications against reverse engineering and tampering, please consider taking a look at our tools (we promise you will not be disappointed), or read more with our Reverse Engineering: A Complete Guide