Vendor Registration Forms Download Here: Fill & Download for Free

Before answering your question here is my message of caution: “Never start an enterprise depending on a single customer. Don’t imagine that you will be their captive supplier for ever.”Now the answer: There is no approval for starting an unit. If you are already having an established unit, visit the website of BHEL Trichy, download the vendor registration form and submit it along with the required documents to the relevant departments. Also send hard copies to the relevant departments. After all the formalities they will enroll you in their approved vendors list.Take an informed decision before venturing.All the best!

Cracked versions of software are created with the use of debuggers. (A debugger is a special type of software that lets programmers deconstruct their software into its constituent parts for the purpose of finding bugs, and thus de-bugging. Additionally debuggers can be used for reverse-engineering, or to see what is inside the software, to learn its logic. The latter method is used mostly by malware researchers to study what malware (or computer viruses) do on-the-inside. But it can be also used by an attacker to "crack" (or bypass) legal software registration, or at times, to alter normal behavior of software, for instance by injecting a malicious code into it.)For the sake of this example, I will assume that the software that is being "cracked" was compiled into a native code, and is not a .NET or a JavaScript based application. (Otherwise it will be somewhat trivial to view its source code.) The compiled native code is a bit more tricky "beast" to study. (Native means that the code executes directly by the CPU, GPU, or other hardware.)So let's assume that the goal of an attacker is to bypass the registration logic in the software so that he or she doesn't have to pay for it. (Later for lolz, he or she may also post such "crack" on some shady online forum or on a torrent site so that others can "use" it too and give him or her their appreciation.)For simplicity let's assume that the original logic that was checking for the software registration was written in C++ and was something similar to the following code snippet:In this code sample "RegistrationName" and "RegistrationCode" are special strings of text that a legitimate software user will receive after paying for the license. (The name is usually that person's actual name or their email address, and the code is some string of unique/special characters that is tied to the name.)In the logic above, the function named "isRegistrationCodeGood()" will check if "RegistrationName" and "RegistrationCode" are accepted using some proprietary method. If they are, it will return true. Otherwise false. That outcode will dictate which branch (or scope) the execution will follow.So the logic above will either show that registration failed and quit:Or, if the registration code and name matched, it will save the registration details in persistent storage (such as the File System or System Registry) using the function named "rememberRegistrationParameters()" and then display the message thanking the user for registering:A "cracker" will obviously want to achieve the second result for any registration code that he or she enters. But they have a problem. They do not have the C++ source code, part of which I showed above. (I hope not!)So the only recourse for an attacker is to disassemble the binary code (that always ships with software in the form of .exe and .dll files on Windows, and mostly as Unix executables inside the .app packages on a Mac.) An attacker will then use a debugger to study the binary code and try to locate the registration logic that I singled out above.Next you can see the flowchart for a snippet of code that I showed in C++, presented via a low-level debugger. Or, as the code will be read in the binary form after compilation:(For readability I added comments on the right with the names of functions and variables. They will not be present in the code that an attacker could see.)(To understand what is shown above an attacker will have to have good knowledge of the Assembly language instructions for the native code.)I also need to point out that having a disassembly snippet like the one above is the final result for an attacker. The main difficulty for him or her is to locate it among millions and millions of other similar lines of code. And that is their main challenge. Not many people can do it and that is why software "cracking" is a special skill.So having found the code snippet above in the software binary file a "cracker" has two choices:1) Modify (or patch) the binary.2) Reverse-engineer the "isRegistrationCodeGood()" function and copy its logic to create what is known as a "KeyGen" or "Key Generator."Let's review both:The first choice is quite straightforward. Since an attacker got this far, he or she knows the Intel x64 Instruction Set quite well. So they simply change the conditional jump from "jnz short loc_7FF645671430" at the address 00007FF645671418 (circled in red in the screenshots) to unconditional jump, or "jmp short loc_7FF645671430". This will effectively remove any failed registration code entries and anything that the user types in will be accepted as a valid registration.Also note that this modification can be achieved by changing just one byte in the binary code from 0x75 to 0xEB:But this approach comes with a "price" of modifying the original binary file. For that an attacker needs to write his own "patcher" (or a small executable that will apply the modification that I described above.) The downside of this approach for an attacker is that patching an original executable file will break its digital signature, which may alert the end-user or the vendor. Additionally the "patcher" executable made by an attacker can be easily flagged and blocked by the end-user's antivirus software, or lead criminal investigators to the identity of the attacker.The second choice is a little bit more tricky. An attacker will have to study "isRegistrationCodeGood()" function and copy it into his own small program that will effectively duplicate the logic implemented in the original software and let him generate the registration code from any name, thus giving any unscrupulous user of that software an ability to register it without making a payment.Vendors of many major software products understand the potential impact of the second method and try to prevent it by requiring what is known as "authentication." This is basically a second step after registration, where the software submits registration name to the company's web server that returns a response back to the software of whether the code was legitimate or not. This is done by Microsoft when you purchase Windows (they call it "Activate Windows") and also by Adobe, and many other companies. This second step may be done behind-the-scenes on the background while the software is running, and will usually lead to cancellation of prior registration if it was obtained illegally.So now you know how software is "cracked".Let me answer why it is not possible to prevent it. It all boils down to the fact that any software code needs to be read either by CPU (in case of a binary native code) or by an interpreter or a JIT compiler (in case of JavaScript or .NET code.) This means that if there's a way to read/interpret something, no matter how complex or convoluted it is, an attacker with enough knowledge and persistence will be able to read it as well, and thus break it.There is an argument though that cloud-based software is more secure, which is true, since its (binary) code remains on the server and end-users do not have direct access to it. And even though cloud-based software is definitely the future, it has some major drawbacks that will never allow it to fully replace your conventional software. To name just a few:Not everyone has an internet connection, or is willing to upload their data online. Additionally someone’s internet connection can be very expensive or too slow to make the software run very laggy.Then there’s a question of distributed computing. For instance, Blizzard Entertainment would never make “World of Warcraft” to fully run on their servers due to immense computational resources needed to render every single scene for every player they have. Thus it is in their best interest to let each individual user’s computer to do the rendering instead.As a software developer myself, I obviously don't like when people steal software licenses. But I have to accept it and live with it. The good news is that there are not that many people who are willing to go extra mile and search for a cracked version of software. The main problem for those who do, is that by downloading a patched executable, or an attacker's KeyGen or a Patcher, they are effectively "trusting" him or her not to put anything "nasty" into it that was not "advertised on the package" (stuff like trojans, malware, or keyloggers.) So the question for those people becomes -- is it worth the cost of the software license to potentially infect your system with a nasty virus?On the other side of the equation, some developers react very negatively to any attempts to steal their software licenses. (I was there too.) They try to implement all kinds of countermeasures -- anything from tricking reverse-engineers, to adding booby traps in the code that may do something nasty if the code detects that it is being debugged, to obfuscating or scrambling the code, to enforcing all kinds of convoluted DRM schemes, to blocking users from certain countries. I personally try to stay away from all of those measures. And here's why:A) Any kind of anti-reverse-engineering tactics could be bypassed by an attacker with enough persistence. So why bother and waste my time when I can invest that time into adding something useful to my software that will make it more productive for legitimate users?B) Some code packers could create false positives with antivirus software, which is obviously not good for marketing of that software. It also creates unnecessary complexity for the developer to debug the software.C) Adding booby traps in the code can also “misfire” on your legitimate users, which will really infuriate them and can even lead to lawsuits.D) Any DRM scheme will probably catch some 100 illegal users and greatly inconvenience 10,000 legitimate ones. So why do it to your good customers?E) Our statistics show that about 75% of all illegal licenses come from China, Russia, Brazil, to name the worst offenders. (I also understand that the reason may be much lower incomes that people have in those countries.) The main issue for us though was the fact that if we enforce our DRM or add some strong registration authentication, many people that wanted to bypass our registration would simply use a stolen credit card number. And we had no control over it. Our system will use it to send them a legitimate license only to have the payment bounce in weeks time. As a result we would lose the money that were paid for the license, plus the credit card company will impose an additional chargeback fee to our account, which may range from $0.25 to $20 per bad purchase on top of the license cost.F) As was pointed out in the comments, some companies may actually benefit from allowing pirated copies of their software. Microsoft for instance gets a lot of free publicity from people using their Windows OS, the same goes for Adobe with their Photoshop. That is a good point that I agree with.So my philosophy is now this -- if someone wants to go extra mile and steal our software, go for it! They went this far to do it anyway, so they probably have a good reason. On the positive side there are so many other customers that appreciate the work that goes into creating software that greatly outnumber those that don’t.PS. Thank you everyone! It makes me feel good that the knowledge I shared is useful to others.If you want to see more of my tech articles, check out my blog at dennisbabkin.com/blog

This question is a bit broad as the term "business information" is generic. As such, I will use the three sample companies in the question to define business information as company intelligence for sales, marketing, and business research. I am excluding credit as that has been posed as a separate challenge and operates with separate products from sales, marketing, and business research.To further refine the question, I am operationally defining incumbents as companies with revenue greater than $50 million and entered the sales and marketing products space over five years ago.INCUMBENTSAlong with Dun & Bradstreet (DNB), Experian, and Bureau van Dijk (BvD), I am also identifying LexisNexis (LN), Factiva, and Avention as incumbents. Here is a quick overview of each of the incumbents and their offerings:DNBDun & Bradstreet has been collecting company profiles since the 19th century. Their largest segment is Credit, but Sales & Marketing Services is their fastest growing division. DNB provides a varied set of products including Optimizer (batch company enrichment), Hoover's (company profiles), D&B360 (CRM connectors for sales), D&B Direct (API and marketing automation connectors), First Research (US industry overviews), Market Insight (hosted marketing database), and NetProspex (Contact hygiene and enrichment hub in the cloud). They also recently re-acquired D&B Credibility Corp which re-established their position in the SMB market. Of these products, Hoover's and Optimizer are probably the most vulnerable. Hoover's is geared more towards the bottom half of the sales intelligence market where there is significant competition from new entries while Optimizer is a cash cow, but run mostly as a batch service. DNB has indicated plans to build company matching into its NetProspex data hub so the Optimizer risk may be resolved before there is significant market loss.ExperianExperian is more focused on business and consumer credit than business information services. Business Marketing services include Experian Data Quality and digital marketing services. They do not offer a global business research or sales intelligence service.BvDBureau van Dijk provides a top-notch global company database which is available for financial analysis (ORBIS) and sales intelligence (MINT). They also market a set of Catalyst workflow products tied to specific analytical needs such as transfer pricing, valuation, and compliance (e.g. KYC, AML). ORBIS has probably the broadest set of global company financials. Other strengths include global company linkage (they track minority shareholdings), their Zephyr M&A database, original documents (e.g. private company registration forms), and financial analysis tools. Products are available at the global, regional, and country level. Geographically, BvD is strongest in Europe followed by the AsiaPacific region. They have gained little traction in the Americas outside of banking and insurance. Other vulnerabilities are their dated UIs, limited CRM connectors, and lack of marketing offerings.LNLexisNexis is owned by Reed Elsevier and offers two long-established product lines in the business research space: the Lexis line of legal products and the Nexis news database. Their Dossier Suite of products were launched about fifteen years ago and has a very dated user interface and limited workflow tools for sales, marketing, and business research. Dossier offers very deep content but has not received significant capital investment over the past decade. Around five years ago, they built their Prospect Portfolio service for sales reps, but it was late to the market and offers little that wasn't available from the established sales intelligence services.FactivaFactiva is owned by Dow Jones and provides the premier English multi-lingual news archive on the market. Along with company news, they sell a Companies & Executives (FC&E) database. FC&E was targeted to the upper end of the market where it competed against BvD and Avention. The offering, while quite good, never managed to significantly dislodge Avention and BvD. As such, they have slowed investment into the offering over the past few years.AventionAvention provides a global database of companies and executives for sales (iSell) and business research (Global Business Browser). In the past two years, they launched two offerings: The OneSource platform which supports sales and business research along with predictive analytics tools; and DataVision which provides a hosted marketing database for data enrichment and marketing analytics.CHALLENGERSSo now that I've delved into the incumbents, I see the challengers as coming from several corners. I have grouped them into the following categories: Crowdsourced datasets, semantically mined datasets, predictive analytics, and niche datasets.CROWDSOURCEDLinkedIn Sales NavigatorI am including Sales Navigator (SN) amongst the challengers because they only entered the sales intelligence space a few years ago but have SN revenue in the $150 million to $200 million range and see a billion dollar plus TAM (total addressable market) for the offering. They have quickly built out their sales team and have over 200 dedicated sales reps for SN. I don't believe that SN will hit their TAM because of several limitations specific to LinkedIn's crowdsourcing model. First, the service is view only. Users cannot download marketing lists or upload company or contact information to a CRM. This significantly decreases the value of SN for B2B sales and marketing. Second, they do not provide users with emails but instead force them to use InMail, a text only messaging system that lacks branding and templates. LinkedIn could invest in these tools, but then the volume of LinkedIn messaging would explode and annoy their members. Finally, virtually all contact information is personal emails which means that messages are received after hours or within LinkedIn browser and mobile apps.OwlerOwler employs a hybrid model of semantic mining, editorial review, and crowdsourcing. It has significant VC backing ($19.3 million), medium quality company profiles, three sales trigger categories (exec changes, funding, and M&A), high-precision news, and funding data. They are using crowdsourcing for company sizing, determining company competitors, and polling (e.g. CEO favorability; whether the firm will go bankrupt, be acquired, or IPO). Owler is a free service which is asking its user base to help build their company profiles. The plan is to eventually monetize the dataset by licensing it to companies and other data services. The big question is, can they build a sufficiently high quality database to monetize their user base? If so, they could be disruptive to company data in the same way as LinkedIn is disruptive to contact data (which basically drove down the price of bios). If they were to expand their sales trigger categories, they could also undermine the value of sales triggers.ZoominfoZoominfo combines crowdsourced emails and direct dial information against a database of mined companies and bios. They probably have the largest set of emails and direct dials for contacts which is a valuable asset. The firm struggled for years as it looked for a stable, long-term business model. Around 3-4 years ago, they began targeting the marketing services space offering data enrichment tools. This pivot (one of many over the years) has been very successful as they grew from low teens to $30 million over the past few years. They are now working on additional marketing automation and CRM connectors.PREDICTIVE ANALYTICSPredictive analytics for sales and marketing is an area of significant development. Analyst David Raab wrote in October, "2015 has been the breakout year for predictive analytics in marketing, with at least $242 million in new funding, compared with $376 million in all prior years combined."Raab VC Investment Chart: http://2.bp.blogspot.com/-YX3XgjiUhCg/VkTinh2z14I/AAAAAAAACMI/e4TaRRXf_9g/s400/predictive%2Banalytics%2Bfunding.jpgPredictive analytics companies generally license data from other vendors and build a database of business signals from their licensed structured and unstructured data. To a company's marketing database, they map firmographics and business signals to generate lead scores. These scores are available to both sales and marketing and help determine which leads are marketing qualified and which ones should be nurtured. The predictive companies also find net-new leads which are similar to a company's top customers and are beginning to provide product and messaging tips.Predictive companies include LeadSpace, Mintigo, 6Sense, Lattice Engines, Radius, Infer, SalesPredict, InsideSales, and Everstring. The market is still too young to predict which companies will be the eventual winners but all seem to be reporting rapid growth (off of small bases). InsideSales and Radius have the largest VC investments.Amongst the incumbents, Avention is the only firm that has invested in building out predictive tools. The other firms have not made any public investments in this space but could always acquire one of the companies. So far, Fliptop was acquired by LinkedIn and InsideSales acquired C9. Gartner Analysts Todd Berkowitz and Tad Travis complemented the C9 deal’s logic:Sales Acceleration Platform | Predictive Analytics | InsideSales.com offers strong predictive analytics offerings targeted to inside-sales teams for use higher in the sales funnel, with solutions for prospecting and lead scoring (NeuralView). C9’s focus is further down with a predictive opportunity solution for field sales (OppScore). When integrated, the combined offering will represent a comprehensive predictive sales analytics solution. With little overlap in either portfolio or customer base, there is ample opportunity to cross-sell additional modules. However, the combined company will need to bring the capabilities together into a single user interface.Both are driving the move beyond predictive analytics by offering prescriptive analytics capabilities. These will provide actionable recommendations to both sales managers and salespeople; integration will blend those capabilities. For example, C9’s next-best-action capability can become more powerful by leveraging NeuralView’s prescriptive models,” continued Gartner. “When integration is complete, existing C9 clients will benefit from Sales Acceleration Platform | Predictive Analytics | InsideSales.com’s advanced opportunity scoring capabilities including processing external buying signals gathered from social media channels.SEMANTIC MININGSemantic mining is increasingly becoming a method of data collection. The cost is quite low and semantic mining helps solve the data recency issue. Several of the previously discussed vendors employ semantic mining including Zoominfo (bios and company profiles), Owler (sales triggers, funding data), and the predictive analytics companies.To this list I would add the following companies:DataFoxDataFox originally focused heavily on providing investors with information about growing technology companies and financings, but recently entered the sales intelligence space with the launch of DataFox for Sales. DataFox for Sales’ primary information presentation model is lists. While companies can be viewed individually, the product focuses on company lists maintained by DataFox or sales reps. Lists include curated lists (e.g. Fast 500), conference attendees, and shared lists. The company can also identify similar companies based upon semantic analysis of the open web. Another differentiator is their DataFox proprietary predictive score which sums four subscores: Financing, HR, Influence, and Growth.MattermarkMattermark also focuses on rapidly growing companies. Last year they cancelled their last content license and moved to a semantically mined data model. They have a small set of editors for reviewing the results.UnomyProvides company profiles and news mined from the web. They also are list centric.Social123Rapidly growing Social123 mines social media sites (primarily LinkedIn) for contact data. They have several hundred million executive profiles with responsibilities, educational and work histories, etc. To this, they have matched emails. The database is available for licensing or enrichment. If LinkedIn chooses to sue them, it could quickly undermine the company. If not, Social123 could become a big player in the business information space, providing a backdoor method for obtaining LinkedIn intelligence.Whether the data mining model is viable is still TBD. Radius began as a mined company dataset with a focus on SMBs but pivoted into predictive analytics. GageIn mined company and contact data along with news alerts but failed to gain traction and folded last year.Another issue for data mining is completeness. Only half of SMBs have websites and mining fails to resolve key questions such as ownership (is this a company or a brand? if a brand, who owns it? if a subsidiary, who owns it?), company size, and whether the business is ongoing.NICHEOne strategy for business information providers is to develop niche offerings that gather deep info one or a few verticals. These datasets compete based upon data accuracy and industry specific fields not available in general business datasets.Two excellent examples are DiscoverOrg and RainKing that have built editorially researched technology profiles for the top global companies. Both cover approximately 50,000 companies with org charts, executive responsibilities, IT budgets, planned projects, and the firm's IT infrastructure (e.g. vendors and products). Both have globalized their coverage over the past two years and extended into other job functions (e.g. marketing and finance). Along with technology profiles, they have built connectors for CRMs and Marketing Automation Platforms.HG Data has had great success in semantically mining vendor and product data at the company level and then reselling it to predictive analytics companies and tech database vendors (they recently announced deals with DiscoverOrg and Aberdeen Group for populating these fields in their tech datasets).You will find these vertical datasets across many industries including healthcare, energy, banking, and insurance. Most of these are unlikely to directly threaten the incumbents, but building a data ecosystem (think of it as a data version of the Salesforce AppExchange) is beginning to happen. There are a number of these markets from the enterprise software companies on Microsoft Azure, Oracle (Oracle Marketing Cloud for Eloqua, BlueKai), Marketo LaunchPoint, Adobe Marketing Cloud, etc. SFDC indicated that their Accurate Business Information and Company Profiles from Leading Business Data - Data.com platform would build out a data exchange but appears to have backed off that idea. DNB has partnered with a dozen niche data vendors to provide D&B Data Exchange access through Optimizer and D&B Direct.OTHERInsideViewInsideView is a traditional sales intelligence vendor that has extended into marketing services (enrichment, prospecting). They also have built a powerful API that has been leveraged by a broad set of companies not looking to license and host company and contact datasets. When LinkedIn cut off their API last year to many vendors, InsideView stepped up and took over much of this business. InsideView offers a traditional sales intelligence offering combined with strong sales triggers, a buzz feed (social media), and a who-knows-who relationship finder that leverages your co-worker's contacts.BomboraBombora provides intent data collected from B2B media sites. Basically, they can tell you which topics are surging (of high interest) at companies. The data is anonymous, but knowing that employees at company X have significantly increased their searching on specific topics can be quite powerful for programmatic advertising, Account Based Marketing targeting, and predictive lead scoring. Bombora has licensed their content broadly across the predictive analytics space and signed deals with the D&B Data Exchange, DiscoverOrg, and the marketing clouds.I could keep going, but I'm already at 2,500 words. Other firms worthy of mention include DemandBase (programmatic advertising), ReachForce (Cloud hygiene and enrichment), SalesLoft Cadence (campaign management for sales development reps), QuotaFactory (similar to Cadence), DueDil (a rising sales intelligence database in the UK which is looking to expand across Europe), and Artesian Solutions (a UK social selling service which relies heavily on data mining).Note: I am a former Avention employee (2001 - 20010) and consult to a number of the vendors covered below. All information in this analysis is in the public domain.