Software development · Software

Preparing a Software Product for Release

Ronald Rich Investment Banker | M&A and ESOP Specialist | Corporate Finance Advisor

December 7th, 2015

I am a self-taught programmer and am planning to release software targeted to business.  The program was written in Visual Studio.  I intend to hire someone to prepare it for distribution, but am not sure what needs to be done (subscription enforcement, prevent code from breaking at input fields, etc.).  What needs to be addressed?

Daniel Marques Director of Application Development at Pragma Securities LLC

December 7th, 2015


From the sounds of it, it seems like you aren't a professional programmer (self-taught, or otherwise).  As such, I think you need to re-think what you are hiring for.  

Instead of hiring someone to "prepare it for distribution" (which makes it sounds as if the project is almost complete), consider what you have done as the proof of concept (POC).  It might be great, but it is still (likely) far from complete.

Look for someone who is an experienced developer in the language (you don't say which one) and platform (presumably Windows as you are using VS, but not certain).  For the first phase of the selection, explain the general idea of the software (or demo it to them), and ask them to describe exactly how they would production-ize it.

This should involve dealing with error handling (both input validation, but also writing/reading files, or making network connections), configuration (and saving configs), database access, piracy prevention, etc.  This should be a conversation to open your eyes as to the effort to go from POC to production.  The right candidate should bring up many, many, things that you haven't thought of.  Of course, write this all down and take the opportunity to research if what they are saying passes the smell test.

The next step would be to have them evaluate the code for a day or two and come up with a definitive list of the work that needs to be done, and effort involved.

Good luck.

Lorraine Wheeler President at Redstoke, LLC

December 7th, 2015

Regarding subscription enforcement, I would only put very basic subscription enforcement in the first revision. Focus on the features and making it easy to use. If you find your software is so popular that it gets stolen a lot, then include more enforcement in future updates.  In some respects, it is a "good problem to have" in that it means your software is popular and people are trying it out.  

Faisal Memon iOS Department Technical Lead at Citrix ShareFile Quick Edit

December 8th, 2015

What does it take to move from a prototype to a released product? -- the answer is well documented by the Mythical Man Month -- an old but classic book which I think you would appreciate as it tells the story of the other aspects of software development is needed to get to a real product.  A contemporary resource is the apple app distribution guide -- yes its a different ecosystem but it calls out many of the kind of things that need consideration -- beta testing, marketing, artwork, legal contact, support site, etc.  It gives good food for thought -- the wider picture.  Equipped with that perspective, you have to tools to dig into your specific product domain and ecosystem.

Gabriel Magaña Gonzalez

December 7th, 2015

First, congrats on finishing your product!

As to your questions: I'd say it depends on how much you want to protect your product from piracy (totally depends on what your product is and how likely people are to want to share it). If you want to be really stringent, then you need to protect your code from reverse engineering (particularly if written in .NET). You might also want to make the system "phone home" in order to activate for use.  The executable encryption is important so that crackers find it difficult to disable your security system.

I'll say the mandatory: "No encryption is perfect, there is no way to truly prevent people from reverse engineering your product, blah blah". The point is that you make it much harder to crack your product, too hard for the casual guy.

I cannot say more without knowing more about your product, other than I'd make the system phone home to verify a license, and I'd encrypt the compiled code to make it harder to reverse engineer your system.

Jared Owen SDET at Microsoft

December 7th, 2015

Any input fields open yourself up to a SQL injection security attack. You want to use regular expressions to "clean" the input before saving data into db at the very least. There many code examples online...

Art Yerkes Computer Software Professional

December 7th, 2015

"Any input fields open yourself up to a SQL injection security attack. You want to use regular expressions to "clean" the input before saving data into db at the very least. There many code examples online... "

Input validation is always a good idea, but when dealing with a SQL database, SQL queries should not be composed as strings with embedded values.  SQL queries with out-of-line parameters should be used along with the APIs that support them.  Using a regex on the input to "clean" it gives a false sense of security and is often more complicated than just doing it the right way.  

Also, ensure that serializations of the data are escaped in a way appropriate to their use (for example, that text composed in a web browser control is fully escaped as html entities).

Ronald Rich Investment Banker | M&A and ESOP Specialist | Corporate Finance Advisor

December 7th, 2015

Thanks very much for the great answers.  I will follow-up with some questions under another heading.

Scott Harrison Principal Software Development at Insightful Business Technologies, Inc.

December 8th, 2015

Ronald, The person you are looking for will have the skills and bandwidth to get your product published and be there to fix bugs and respond to your clients' feedback. The relationship must be mutually equitable and long term as getting your product into your clients' hands is only 10% of the journey. Your clients want to see you grow and having a good, experienced developer available is essential. 

Siraj Hussain Software Engineer at Macrosoft

December 11th, 2015

Hire a best software quality assurance engineer. I am offering my services.

Liza Taylor Communication Specialist at Keyideas Infotech

December 20th, 2015

Great job Ronald. Subscription enforcement is the best method for product release. As long as you have the quality, you would always have the end users and enterprises to use your product. It is one of the models where it can be used as per requirement. And the subscription can be extended further. I do feel that monthly plans might be a bit expensive than quarterly plans and yearly plans but I still prefer the monthly plans so that I don't spend a huge sum on one go. 

Good Luck Ronald Rich.