Welcome to our livestream event, “Redefining the Future: Software-Driven Business Models Unleashed.” Join us as we explore the technological advancements and trends shaping the future of software-driven business models. Our panel of distinguished experts will share their insights and perspectives on the next five years of technology evolution.
Panelists:
Dr. Olaf Munkelt
Managing Director, MVTec Software
Dr. Munkelt will discuss the transformative role of machine vision technology, its integration with AI and IoT, and its applications across various industries. He will also highlight the latest innovations in machine learning for industrial applications, focusing on deep learning algorithms and predictive maintenance.
Dr. Andreas Schaad
Professor for IT Security, University of Applied Sciences of Offenburg
Dr. Schaad will address future trends in cybersecurity, including emerging threats, the importance of Security by Design, and security considerations for cloud-native applications. He will also explore the intersection of AI and cybersecurity, covering AI-driven threat detection, securing the AI lifecycle, and secure software engineering with generative AI.
Uwe Schnepf
Head of Product Management Industrial IoT, Hilscher Gesellschaft für Systemautomation
Mr. Schnepf will discuss the impact of Industrial IoT on business models, emphasizing connectivity, data-driven decision-making, and operational efficiency. Additionally, he will cover interoperability and standardization in Industrial IoT, focusing on open standards and seamless integration.
Oliver Winzenried
CEO and Founder, Wibu-Systems
Mr. Winzenried will explore the future of software licensing and protection, discussing trends in software monetization, ensuring software integrity, and adapting to subscription-based and SaaS models. He will also highlight the role of cybersecurity in digital transformation and innovative security solutions.
I haven’t been given the signal yet I I need the signal to say start so you know 30 seconds and counting e so good afternoon hello and welcome to the viu in a systems uh day um my name is Steve Atkins I’m the CEO of crown communic ations and I’m very happy to be here today and act as your moderator for this round table uh which is called redefining the future softwar driven business models Unleashed uh we’re here today we’re go for the next two hours and we’re going to discuss collaborative opportunities uh among fields of Machine Vision it security industrial iot and software protection and we’re going to do that through looking at such elements as uh artificial intelligence cloud digitization and cyber security now I’ve said who I am I’d like to introduce these gentlemen that are on my left here uh at the very far chair is Dr Olaf melt who’s the co-founder co-owner and managing director of mvtec software GMB he studied mathematics electrical engineering and computer science here in K and Munich in ’94 he graduated with a PhD in computer science from the Technical University of Munich and in ’96 Dr monel and colleagues founded mvtec software G bear of which he’s been managing director and co-owner ever since since its founding MV Tech has developed into one of the most technologically leading companies in the field of Machine Vision Dr monel has also been a member of the board of the Machine Vision Group of the German engineering Federation since 2006 I’m from 200 9 to 2018 he was chairman of the group and he’s been a member of the board of the vdma Robotics and Automotive Association since 2009 so welcome and next to him is Dr Andrea Shard who’s been Professor uh of software security and Dean of studies for corporate security course at offenberg University of applied science since 2019 he’s previously worked as head of corporate technology here at viu systems and in various Technical and management positions for ernston young sap research security and trust and Huawei security research he’s the author of 13 international patents and over 60 International Publications in the field of it security and he also plays Bas so welcome um here um right next to me on my left is uep who’s been working at hilshire gazel shaft for system Automation and bear since March 2023 and as head of product management industrial iot is responsible for open Ecco systems and Industrial Edge Solutions prior to this he’s worked for four and a half years at colog base Q Beyond aray a leading German it service provider and most recently is head of IND uh industrial iot industry Solutions and strategic Partnerships he’s also previously worked for several German companies as an expert for New Media and online platforms and after founding a startup in the techn park of the then German National Research Center for computer science in the 1990s he’s worked for several years at Deutsche Telecom AR in Bon and then managing director of knack is it nakar g nakama a leading German provider of B2B streaming services at the time so welcome and last but my not need least our host uh for today with a degree in electrical engineering from the University of kalu Oliver vitton Reed began his entrepreneurial career immediately after completing his studies and focused on electronic and Asic design Hardware microcontroller and embedded application development for Consumer Electronic automotive and industrial engineering with marelis Bight at his site he then founded viu systems in 1989 and Remains the company’s CEO Oliver is also director of the vdma regional Association in the state of Barton vitenberg and serves on the board of directors of the medical technology working group of vdma the board of directors at bitcom and the managing Board of the for forine of the research center and at The kroer Institute of Technology not content with all of that since 2023 Oliver is also the managing director of the it security security club which is a separate Enterprise situated at the house of it Security on viu systems campus the it security club was funded to grow and shape the local community of it security Specialists through collaboration and support with project management and funding so thank you and welcome to all four of the panelists um what I would also want to say is this has also been broadcast live over YouTube and on the goto web our platform um if you uh if you are watching this online and you wish to ask questions uh in YouTube you can type in the comments to ask a question or on the goto webinar platform you can type in your question there and that will be realid to me through the magic of technology to here and we can ask that questions I’m also going to ask the audience here we want this to be as interactive as possible so if you have questions raise your hand so that we can include you in the uh in the talks that are happening here today okay so I think we should uh we should begin um but what I will do before we actually start the questions is uh I’d like to ask each panelist for maybe 30 seconds 45 seconds just exactly what they’re looking forward to getting out of today’s round table so well if I think I’ll start with you so thank you very much for the introduction and uh before I go to this topic I’d like to say thank you very much for the invitation Olivia and also congratulation for 35 success in this small area Small industry but so important so it’s rpro so to speak uh but super important well if I leave this room um I also would uh have learned from the panelist how they see what kind of software business model uh will bring us uh the future so um if I have uh if I take home two ideas I’m more than happy because maybe only one idea survives for the next five years but this is enough for me okay thank you Andre so I I’ve got the luxury of um working in Academia for the last couple of years so back in Academia and I actually quite like this event because yesterday evening we already had a a lot of discussions where well I I sort of see the real world again I mean I spent lots of time in industry but uh five years have already been enough to sort of go to my Ivory Tower and here uh face a little bit of reality when I actually um hear about the real world problems that some people have with respect to uh my specialty software protection but also the license Al yeah for me it’s interesting to see the other opinions and also to see the changes in the market so software defined business models are not yet uh used so much what we did in the last 35 years is software protection that’s where it started with copy protection against piracy and now it changes more and more to flexible licensing and now it begin not only with the software on the PC but on other things that really software defined uh business models are starting and I think we can dig into that in the next two hours and yeah I will be more than happy uh if I had the chance to uh get to know uh to each other to learn more about your um expectations requirements we as a as a specialist industrial communication using BB Technologies to encrypt our industrial communication apps uh to to listen to what’s going on at the shop floor level uh at field bu level and and aggregate this data and and provide it for um following processing in it syst systems and systems and elsewhere and um it’s it’s a small facet for us but a very important one because there is also our int intellectual property part of that and of course monetization aspects but we only our enabler in this world and we have to see how we can help you and and whoever is is working in the field of digitization in Industry you know um can make use of uh this type of Technology and learn what the market is really demanding okay thank you very much uh now we all here work in the field of cyber security uh in one level or another and if there’s anything that we’ve heard uh time and time again over the last few years it’s this um idea of artificial intelligence and exactly how is that going to affect what we do products Solutions the industry as a whole so I think a really good way to start off here is a very top level is to to ask the panelists what impact do they think uh artificial intelligence is going to have on cyber security and business models and I think I’m going to ask Andreas to kick us off with that um first of all it’s a good question I I think I will need one or two minutes to answer that so um some people Nomi and for the last 20 years I actually spent a lot of my time uh in the domain of secure software development and in the domain of secure software development we we should we should follow a paradigm which is called shift left security so shift left basically means before you do anything before you actually start coding think so in other words what we do in the software security uh domain we do threat modeling thread modeling is a technique to support the entire secure development uh now what does that have to do with machine learning um when you look at machine learning uh of a refresher in machine learning you have a lot of data and with that lot of data you actually start training what do you use for training you use certain training algorithms then you compare the quality of uh the output and in the end you select a model maybe a classifier for for image recognition or meltic classifier for malw detection and you depl deploy that model and that sounds relatively trivial at least to some of us yeah the problem though is uh when you look at the entire chain uh then there’s a lot of stakeholder involvement so the person who owns the data yeah may be completely different to the person who later owns the model may be completely different to maybe the legal entity who’s doing the model training maybe completely different to the hyperscaler who is providing all the barebone CPU power to do the model training and with that we actually come to a a relatively complex playground of well sort of trust and responsibilities and my my take on this is it took us about 25 years to get software development roughly right and in comparison to what we face at the moment with M with respect to machine learning there’s um is still a lot of work ahead of us so and today’s round in today’s talk we are going to have have and we’re going to speak a lot about Hardware enabled security and also a lot about licensing uh you will always hear me going back to this little life cycle I just sketched for you because we see uh sort of Rejuvenation of Hardware assisted trust in different stages of the machine learning life cycle uh and also of certain uh software protection licensing techniques so that to me at the moment is where I invest a lot of my research ideas powers and uh I think it will keep us busy for the next 25 years does anybody else have a point of view yeah yeah you’re already touched the say points which are important not only in the Ivory Tower also outside the Ivory Tower um and uh one really very important topic is uh uh if you apply machine learning deep learning whatever technology uh you have to be clear um where comes the data from and who owns that data originally and uh we at mitech for example we do image processing Machine Vision it means we take image image Imes like a 12 megapixel image and reduces it to 5 byte or 6 by or 8 by or so which means that we condense the information the image to pass or fail or within the boundaries or without the boundaries to make that very simple and um as we were involved with the Deep learning technology which is uh state-ofthe-art today uh we found ourselves in the situation that we have a terabyte of data uh but we have to clarify whether we own the data or not because the idea was we want to provide pre-trained models which then can be adopted by our customers to fit their application so we ran an own process so to speak to clarify the IP of this data and the end was that we still have enough data to train our say OCR model which then is used by our customers and they can retrain that um since then we can simply say if if you we if you as a customer use our pre-train model you are safe because we own the data and we can prove this somebody comes so this is super super important because our customer they retrain the models with their data and they have no idea to share this data so uh data ownership uh is super important and uh it became know known to a large audience so to speak to the public just recently with the large language models where all the sudden it uh became came out uh that um Facebook and Google and you name it they have used properly data where the original is not so super clear and now Facebook is trying to change the uh conditions so that even the uh usual uh your usual types you usual uh little slogans what you type in they can also use this for retraining so if it is a it is a very serious issue and there’s no really good solution to it and I think you can spend more years on looking into into this matter anybody else like to say something yeah I an uh very challenging topic we are working on that as well and uh we can see three different topics one is protecting the AI itself protecting from the AI and using AI to make it easier for our customers to integrate protection in their applications so protecting the EI that is something we have Solutions already at today so we have for example a protector python that can very well protect python code for AI applications on host systems we can also protect the GPU code uh at least as long as it’s stored on a on a file system prior to the transfer to the GPU itself and and we can protect AI models AI models against direct theft and against uh manipulation so protecting the Integrity uh or freeze the AI model which is important for applications for example in in medical devices where the eii model needs to be Frozen at the time of certification of the medical device so that’s uh where we are working already today still there is room for improvements and for further development and the other side which is uh then even more sophisticated is that we Implement AI mechanisms in our protection Suite to make it easier for the developers to integrate the protection in their products that is not available yet but that is something very interesting for the near future as well and if it comes to data protection um for personal data in theory there’s gdpr or similar rules in other countries if it comes to Meine data there will be an au data Act coming into place also very soon which will be interesting again because the ownership is the ownership of the machine uh which is not always clear if the machine is not owned by a factory but owned Maybe by a bank uh then the data also in theory belongs to the bank yeah that’s some topics about AI from my side uh in contrast to image processing in the let’s say classical manufacturing industry uh data is not available at this scale so the first challenge is to make data available because usually data exists between a PLC and some sensors and actuators but you not get access to that data so first thing is how can we get data uh access to the data and where is it gathered certainly not directly sent to the cloud because also the cloud has a business model uh and and sending tons of data to the cloud will make AWS and Microsoft happy but not the owner uh so uh there is still a long way to go in classical manufacturing uh to do a lot of retrofitting to attach additional sensors iol link is a is a very good example of uh attaching dig sensors to machines and production lines which haven’t been monitored this way yet and then additionally uh listen to what’s going on between PLC and the rest of the manufacturing line and and take out the relevant information and do some pre-processing with it and then build up your model and then the question is who owns it uh the again right the the operator the the owner of the machines or the manufacturer of the machines who provide the interface to access the data so certainly that has to be discussed and regulated uh I think there’s coming up something from the EU about this because we yeah data act you know because uh we know about what personal data in the cloud but what about machine data and how this is handled I think there’s still a long way to go uh to make that available the algorithms are there the technology but the circumstances are still not clear let’s let’s move on from this I mean you mentioned the new data act um what impact do you think the European legislation is going to have on the cyber security and on your business models and the business models are out there to like to so I I probably want to do one remark um to answer your question straight away I don’t know very easy uh but I have a wish my wish would be uh that uh within the European un Union we are more supporting Innovation rather than regulation uh and uh I really have an issue with um this big Force towards putting more regulation on the table and uh even forcing small and mediumsized companies to do tons of paper material uh to just say this data can be at risk in some situations uh in our world in our Machine Vision image processing world we don’t know what our customers are processing what kind of images what kind of objects they are looking at this is such a diversity so I’m really having trouble uh following all this regulation of course we will follow this because we are a German company and we comply with all the rules but I’m questioning the effort which is set inside this regulation and I’m questioning the effort which a small and mediumsized company has to fulfill in order to comply with the regulation I I shouldn’t I shouldn’t say it actually go on now I do I do it so so yeah we’re among Hello World um so three four weeks ago I was invited to an event also sort of security it security event and there was also some I think it was a lawyer he was speaking about one of these many regulations afterwards he came to me and he was like do you find that interesting you know do you ever watch like Homer Simpson when he’s got this little bubble which says like don’t say don’t say I just said no so I I was just very honest um I I do very much understand why we need these regulations but in my very Ideal World uh security comes from the spirit of the development of the product team so it’s it’s an intrinsic feature if it is coerced and forced upon a development organization ation by a legal entity uh it’s too late basically so that’s my take I have got no clue about these regulations I avoid them as much as possible but I’m a fierce believer that U good products come from a good spirit in the development but also good product needs uh rules you know and and uh to protect the users I would say and um so many companies especially small and mediumsized they are now forced to to start to work with these Technologies not really knowing what what’s going on in the apps or the how the data is handled and interfaces and standard passwords uh and uh they have a lack of skilled workers so I think it’s very important to to raise the level um to which or such Technologies should be used especially in the industrial domain because it’s really crucial for this company we all know what happens if Ransom software comes to a to a it system uh close to the area where I live there have been 80 communities blocked for 6 week I think because the local it service provider was hacked and the files were encrypted and these uh social communities they couldn’t pay any subsidiary to people living in this area they uh paying for the rent and everything so there was they couldn’t issue any number plates for cars anymore so it’s a real threat and uh for for companies producing things and now connecting sensors even if it’s iol link and connecting it to a cloud service and not KN exactly what the the threats are I think we have to make that public and aware what’s going on and we need these standards and uh we as Hillshire as a a main business is is providing chips and components to connect devices you know to build plcs program those plcs Etc and it has to be built in we the industry must be for the the component industry including Hillshire must be forced forced to to uh reach that level because the users usually do not have the knowledge about potential threats and the manufacturers of such components for digitalization they have they must be compliant with the necessary standards to protect their customers and this is why I think the Cyber resilience act for example is a good thing and um we are really also our customers were extremely working on that and uh I think it will help and prent damages yeah that’s true I can agree uh on the other side of course it creates extra effort for us all these regulations AI act data act cyber resilience act and so on but what’s important then that uh gives a positive aspect is that it’s maybe not a European thing only so these standards should be somehow harmonized globally and that has been some of the topics of the political discussions last week with our Minister Harbeck in Korea in China as well that we have clear rules how mchine data for example uh can be transferred cross border cross border and are allowed to be transferred and by International standards that are at least uh similar in the most important points for cyber resilience act regarding the tempo protection and security of devices regarding data act about the exchange of mchine data and regarding gdpr maybe as well uh regarding the exchange of personal data then it makes the life U uh easier for operators and for manufacturers of devices that can be sold and used globally and not being different for each different country in the world which is uh would be a nightmare for small and medium-sized Enterprises and we would be not able to fulfill that rules if it’s different in each country let’s let’s stay with you Oliver I mean you’ve you’ve recently been to uh uh South Korea with the uh um German trade delegation Etc we have opened officers over there you’ve got officers for viu in around the world in the US Etc let’s say how where do you think Europe and Germany uh stand in the areas of AI and cyber security compared to let’s say Asia and America I think the contents is not so different so uh gdpr compar compared to the Chinese uh I don’t know the name now uh something like data security regulation there is very similar but uh the international uh but but all of them says personal data need to stay inside the EU personal data need to stay in side of China and that might be in other countries the same again so there need to be clear rules under which uh conditions this data can be exchanged cross border and especially for mchine data predictive maintenance uh all these applications also you are doing this this in in the Industrial Automation with stco containers and the data shared uh it’s necessary to do that cross border and there need to be a be clear rules that uh uh the data is not uh stopped at the bottom okay but where would you say in terms of actual Innovation I mean one of the things that we got back to here was Innovation rather than regulation so in terms of innovation for cyber security and uh uh data protection recognition where do you think uh Germany and Europe stands in comparison to Asia and America who appear to sometimes if you look at the media have a different approach to people’s data complet completely different yeah so in in Germany and in the EU we are absolute on top of Regulation so if you look for many many rules then you can find it here and if you look for many regulations we have it and we execute it uh to a Perfection level and that sometimes uh also hinders Innovation and makes uh Innovation or progress slower if you’re looking in the field of AI uh and the use of um medical data for example if you have a lot of medical data from for many many people and they can be used in the benefit of the people in in Germany or in Europe it’s quite difficult so I think research institutes have an exception they get all medical records from the hospitals in Germany but uh for commercial use and maybe use for training so that AI can support the doctors in detecting anomalies and detecting sicknesses uh it’s very much Limited in in Germany and in Europe that’s uh on the Privacy side that might be an advantage but uh on the side to help the people uh to defend their sickness it’s a hindering but not just not just regulation I mean in terms of actual Innovation do you think we’re further I think what maybe one one uh topic uh yesterday or the day before yesterday was a news um that uh Volkswagen uh the largest car producer here in Germany uh is Now setting up a joint venture with rivan rivan is a us uh company based in California and they do electrical vehicles but there are core IP I think is not the hardware of the vehicle itself it’s the software within the vehicle uh and lots of the software is AI driven because uh it supports autonomous driving very well um so if you if you just read the news to say okay this is just another joint venture MH but you have to know that uh Volkswagen set up several years ago kard an own large entity which tries to build the software unified software platform as far as I understood for Volkswagen basically they have not reached their objectives so far aha a company with more than 200 billion Euro turnover per year is not able uh to uh set up in innovation in order to make autonomous driving uh happen so I think we are really not at the top notch of innovation here it’s happening somewhere else in a company which produces billion dollars of losses just look it up Rian yeah but the cars by the way are great I saw them this year so but this is another Point uh so we are not at the top notch of innovation in here yeah but Innovation doesn’t help really and they’re burning money and this is why they are desperate for the money for Volkswagen uh to find some common ground and so both companies have big problems and Innovation from the US might help you know but it’s not uh it’s not an advantage in itself so they have to prove that Corporation works and uh better than on their own so maybe it works but uh rivan hasn’t been very successful in the US either yeah this is true they are burning money yeah and this helps them but my wish would be that uh German car manufacturers able to develop this by themselves I may I wanted to make a point on can’t help it J gdpr uh actually I find it quite common misconception that gdpr uh inhibits machine learning I I I basically think the problem is that uh maybe we in the sort of European world we are not that good in understanding data because there are lots of techniques you could use tokenization techniques actually encryption techniques Outsourcing personal data into separate lookup tables and so on you can do a lot of stuff with personal data to make it suitable for machine learning purposes you just need to be unique need to invest a bit more time that’s true uh and you need to understand the data but this common I I personally actually think it’s a big misconception that gdpr inhibits machine learning bit more difficult but it’s not it’s not a showstopper what do you think needs to happen to increase the rate of innovation for Germany in Europe to be able to to move faster than those companies in Asia and America and it can’t just be regulation early education education that’s what I you would say that for sure what is uh anybody else yeah I think that’s uh uh education’s one point yeah and education pays for what we see in 10 or 20 years so uh but we have to do this we must do this there’s no way out uh another point is that uh financial situation is completely different here so the startup scene uh in Germany is not bad uh but by far not as good as it is in the US so the willingness to spend Capital uh for you know small steps and the ability to say okay I’ve lost some money but you know in in the other round I gained some money uh so this you know fail and learn approach uh there’s no habit uh basically here there’s a resistance that people say uh you know if I fail I’m the bad guy no you’re not the bad guy you have done some learning lessons with you know know the other 10 people in the room have not done in their entire life so now you have learned what you have to avoid for the second round go ahead and we don’t have this um this mood this mindset uh uh so we need uh a better ecosystem for supporting also startups and let them fail let them grow uh this is completely different here yeah U I know you’ve started with a a lot of startup interested to hear your point on this I think it’s about where the money goes because as you have seen the interest Ro interest rates have gone up and so of course investors go there and and get better return on invest than investing in their startup uh and another thing is is the global reach I think in the US maybe also in China now where there’s a lot of money they invest in global business models you know in Germany you think about yeah being good in Germany or Europe but they do not have the vision to be a global market leader and needs Global invest I mean Elon Musk he spent a lot of money but forign other people’s money not his own you know and uh so and they have Global businesses in mind and here in Germany or Europe we we have a limited approach it’s about mindset right but it’s also about where where does the money go and currently it goes into interest rates rather than in startups I would say mindset is a very good uh uh word for that what’s missing and that’s not only uh for startups and for uh the willingness to fail and maybe then start again and Having learned something I think that happens in development departments as well so having the um the really get taking the risk trying something new uh doing it in another way not by not uh trying to foresee everything which could be required in the next five years and writing hundreds of pages of uh documentation and requirements but starting with something with some basic elements only trying to get customer feedback seeing if we meet what the customer wants and then enhance it step by step uh maybe the in in Asia that is very common to do and they go to the market with products that are not mature any in any aspect maybe that’s too early maybe we would be better to do a good mix between the old very careful design and development what has been good in the past for Germany to grow and to have made in Germany quality uh recognition globally and this uh fast things with uh doing it quick and dirty and going out to the market maybe something in between but trying to be flexible agile and so on and being uh faster I think that is something that also differentiates Germany and Europe from Asia and us uh Asia and us they are faster they start with uh uh and going earlier to the market and that is something we should do as well the thing is in the field of cyber security the term quick and dirty doesn’t doesn’t quite work that well yeah yeah that’s that’s that’s not good that’s right yeah yeah yeah so you need to you need to have a certain level of sec you need to have that from the very beginning so you should not even do a prototype or a proof of concept without uh taking uh secure software development Cycles into consideration that is something that needs to come into the blood and it needs to be basic uh in every step that is done okay well uh I partly agree because I think uh it needs a good mixture so if you want to be at and fast you need an MVP and you’re not covering everything and maybe it’s not the complete solution but you you develop a notion and in a second or third step you can start to build a real product outut even be compliant with cyber security things Etc so uh and uh it has to be the use case which is in focus and and the the usage for the the benefit for users and then in the second and third step uh build in the necessary necessary uh cyber security I would say being aware of that but it’s it’s not cyber security at least from where I’m working in is not solving a problem it’s a prerequisite you know to actually have it rolled out and deployed in real factories MH if you work in cyber security directly as viu is of course it’s a different approach but if I want to make Innovation I I do not start with cyber security I’m thinking about what problem I would like to solve so I would like to add to Oliver’s comment I I personally think no I’ve seen it it’s completely possible to have uh secure software delivered fast so that’s for sure if if your organization your development organization really has got a good understanding of what I earlier referred to as shift left and really think first a little bit in any case it’s way cheaper to to um to have a proper design uh than trying to fix a broken design once your code has already been deployed on a productive server that’s for sure um what uh what concerns me though um I’m I’m really not a specialist in machine learning but uh it it seems to me that uh all the stuff that we learned so painfully over the last 25 years in Secure software development we completely forget now with respect to this machine learning life cycle I I give you an example uh We’ve we’ve got all these wonderful algorithms we use for training purposes I don’t know random Forest nearest neighbors whatever they na Bas and um even the inventors um if you look to the people from Sil Valley even the inventors sort of admit that uh with respect to these training algorithms we are sort of where we were with crypto 35 years ago we have basically no control over what these algorithms are doing and for that reason we’ve got this huge problem of adversarial models because the way these models these these algorithms are used to to train a model again maybe a classifier image recognition uh they’re completely not robust against adversarial attacks and so what are we doing at the moment um we’re doing exactly what I don’t propagate we do sort of shift right we try to use some additional testing library at the very end of the process and try to fix it and it’s already broken and luckily there seemed to be some very clever people namely the inventors of these algorithms who understood the problem but uh at the moment we are seem to work it’s not broken but we know something is at the algorithmic level fundamental flaw in machine learning unfortunately we seem to have to live with it for next decade until they propose a new set of adversarial robust I mean when you when you speak about you know that sometimes it feels that there’s no control and you’ve got these adversarial models and stuff I mean we’ve spoken about regulations but what about um the rise of international standards in the in these areas how much does uh International standards really play a part of all of this so first of all I got no idea about International standards but I give you an example an example why uh while we we will always have security problems maybe it’s not clear to some of you but products you deliver to the market they hopefully your products generate money why do they generate money because they offer functionality to the customer uh up to the point where maybe an adversary uses this functionality legitimate functionality in a completely unforeseen way for that reason you cannot have perfect security very very often the adversary just uses legitimate fun if you would turn it off you can’t sell your product um sorry I have to come back to these adversarial models now what what do these models do we’ve got a wonderful algorithm for image classification and what it is is basically multi-dimensional highly optimized statistical Network and if the versary is just able to identify the very very sweet spot at the decision boundary maybe just one single Pixel yeah then you’ve got usual example is you got a sweet picture of cat because CH one pixel identified as 9% and that is also this models that we train they offer functionality and most cases they do wonderfully for that reason we unfortunately we have to live with some problems for a long long time until hopefully clever people find solution and they did in crypto by the way yeah oh yeah yes yes yeah let me uh come back to the standards uh question um in in the Machine Vision World there are many standards uh and uh this is not so much linked to cyber security but I want to uh highlight a pattern what we see also through my work at the vdma um and this pattern is that um uh there’s a strong move of China to uh also set up their own standards uh also in our section in the Machine Vision World um and um this is mostly a derivative of what has been developed like 10 or 15 years ago uh in the western world if you want to say so so what what we see is that the original say really perfect idea to have an international accepted standard uh throughout community of countries or of Industries to say it this way is broken up so uh actually what we see is that the standardization uh efforts uh in the Western World deviate from the standardization efforts in China and China is a important player in our Market there’s no doubt about it uh so um we see that there is a shift uh our products which we supply to the international markets they have to comply with the standards here and they also have to comply in the future the standards inside China otherwise we going to have a problem uh inside China I don’t hope that this will happen on the cyber security uh end as well but I fear it might be one of the uh presentations we had today uh was from uh Daimler uh and they talked about digitization which I think is a you know the the effects of digitization on let’s say traditional business models you know if we say over there uh and especially we’ve also heard about cloud and the pivotal role that cloud is going to play in these particular areas um can I throw it out to to you gentlemen how you think digitization in general changes the industry’s traditional business model so how does digitization if you know we’re told by kly Fiona that uh um you know everything that can be digitized will be digitized is this is this going to have a huge impact upon the traditional business models Andreas um can just tell you an example from some of you are my age remember the good old day when you sort of had to set up your own Tomcat server on your own machine and it basically took you six to eight hours to have a a web server running now I don’t know if anybody ever even five six years ago tried to do the same thing with an Azure cloud or AWS it takes your five minutes to get a service running these days you you have got your development environment your Visual Studio code and it’s basically serverless functions you just if at all you hit a little button and the thing is running and so for sure it’s it’s it’s totally clear that uh from productivity point of view you uh the cloud model is there to stay and if anybody has I totally understand that certain organizations will not adopted for certain purposes but the world where I come from service oriented world or sort of where everything every resource is just accessible via rest call for example uh in in in that domain it’s uh it would be foolish to try and again move back to an non premise World from a productivity point point of yeah I think we are still in the beginning of the digitization and the digitization of business models in products so there are some things already on the market so software is mainly sold uh on a subscription base now or very often sold on a subscription base and maybe also in the cloud not on premises anymore um for physical devices for machines it’s still the exception so that’s slowly coming that uh physical device are also customized or tailored to the customer’s demands so that you have one physical device that can be really uh with a basic functionality that’s always required that’s always in but then the additional functions are activated when the customer needs it so the customer gets exactly the product he needs and he pays exactly for what he needs and this payment for specific functions can be payper use or can be subscription there are some examples of already if you have a air compressor from from kaser you can instead of uh buying the device you can pay according to the generated air if you have a big machine from trumph you can get a business model like paper Parts but that is still in the beginning also in other kind of devices and here’s a um big future also for our licensing and protection Technologies because with software licensing and more and more feed es in machines in devices are software realized much more than in the past Hardware is more standardized software is more doing the functions and uh here the new business models can really create uh benefits for all sides for the vendors that can create recurring revenues for the users that only need to pay for what they need and uh with new business uh models as well so I think we will see a lot of changes in the next years I would like to separate the topic of digitization and Cloud so why is digitization important for industry uh in the past Germany has been very successful in SE building and selling machines and selling spare parts not getting paid for the service uh I had customers in the in the past uh they did support free of charge telephone five support people for two years because it’s the warranty uh period but then they the people continue to use the same phone number and every time they had a problem they called for up to 10 years so service was always a cost center right nowadays there is a lot of competition right especially from Southeast Asia the the largest uh machine building export nation is China nowadays so you have to do something and your classical business model will not work anymore so you are shifting to service that’s one point on the other hand and there is a lack of skilled workers you know retiring the boomers are going to retire so what do you do with all your expert knowledge and and improve efficiency and in your production so you need to have data to learn more about your your machines and your production lines and artificial intelligence might do the job of experts who retire and uh so hopefully you have a good model drain model to do condition monitoring or predictive maintenance in your production line in the future not having the experts to do that as in the past so that’s one thing uh and and uh this is why digitization is so important and uh once you have the data you can start to think about data driven business models you know turning capex in Opex and and and so on there it creates many opportunities definitely and and people will try to we try out what what what do people accept right so for example in in the application domain everybody’s talking about software as a service but the the machine Builders they don’t like to pay a monthly fee for using software software usually is free of charge they used to pay for Hardware so what you do you sell Hardware with software for a one-time fee and then you charge sub update and support in the subsequent years you know it’s not that easy to turn turn existing models into new business models so that’s that’s one thing why digitization is important and will make its way definitely uh cloud is is a separate issue and uh at the moment I do not agree with you because Volkswagen is very foolish they say no way in my production line there is no contact to the public Cloud full stop you’re not getting in so they might be foolish in your point of view but I think at the moment they’re doing well and um so we have to see what benefit brings a secure Cloud to users as I said before tons of data in the cloud doesn’t make sense so it has to be the right amount of aggregated interpreted data in the cloud to do some Global or centralized uh analysis of data but not all data has to be transferred to the cloud I might correct what I have been saying uh with the exception of some blue chip compan companies which have got enough money to run their own data centers you would be foolish not to use the public Cloud here yeah one more comment um uh I like the quote which was shown uh by the gentleman uh from Mercedes um uh as the woman I think it was a European Union commissioner I’m not quite sure she said that everything which uh will be can be digitized will be digitized I wish that uh um ger the administrations in Germany would follow this approach so this is one more comment and another comment is um and this is more practical Point um as this was also on the slides of the mercedesbenz B you mentioned that uh uh just now the the shift from uh carpex to Opex so Capital expenses to operational expenses um this is very easy to say but uh the big problem this is what we learned from our our customers is that the budget processes are simply not designed that way the budget processes are designed the way you spend money and you own that thing this is exactly what you said um if uh you have something where you know this machine will work for at least 5 years usually for 10 years uh you have to bring this into your balance sheet you have to bring it into your financial reports so this creates dependencies which uh are not as easy uh to solve or to set up uh as you would probably think this is a real Hinderer for going forward uh with subscription based models on a large scale so it does seemed as though we’re coming back to a lot of companies that say listen I want to spend this amount of money I want this return or you know this amount comes back and I want to own what it is you yeah exactly so um uh and and this has not been s out because there’s no process behind it uh if you come with the idea to your customer and say you know we also have a different model they go back to the financial accountant and he simply says oh no this is that this is uh we have never done that the point is they have done this if they run sap they doing it already yeah so you have to talk to the right people then uh because they already have software running uh which is based on Opex um but this is a process and I personally think this will take at least another 5 to 10 years before uh this becomes more a kind of usual thing oh you know we add another software under this umbrella of Opex and we are fine we can we we can deal with it I let’s let’s talk a little bit I mean you’re talking about the product but we don’t talk enough about what is the price put upon user experience in the these areas especially when it comes to trying to balance Innovation with security for a better user experience so I mean let let me throw this over to you Oliver I mean how does a company maintain a balance between Innovation and cyber security say uh that’s different we you you the the cyber security tasks you need to do that is uh like U explained before that doesn’t create uh customer benefit from from the functionality but without having this uh security integrated in the product the product vend or product manufacturer cannot make sure that the product is working as it should be and uh it’s much much more expensive in the end and it’s no more compliant than with the new regulations coming if the product uh vendor uh says my product is as it is and to use it in a secure way it’s the task of the uh of the user of the of the operator of the machine of the device that is no more possible because in many cases the user or the operator is not possible to make a envelope around the machine or the the product to make it secure the security needs to be integrated from the very beginning I think from the user point of view this is I would boil it down to risk assessment so what is the risk if I don’t have that M uh and uh this was clearly visible in the last talk of tetra uh where the risk is you’re losing your IP okay this harms you this is not good uh second risk is uh you let your customer produce something which he doesn’t want to produce so that means second thing you lose your customers yeah uh and it’s like with every risk assessment what is it uh it’s like uh you take uh uh um say uh the money uh the pile of money which may you you you probably lose or you have to pay um and then you multiply it by the probability of the event then you get something uh which is the basis of what you want to invest for cyber security um and I’m I’m I’m I’m saying this because in Machine Vision it’s sometimes a little similar uh because you inspect something you can also say I don’t inspect my produced Parts they’re all good uhuh we have six or three microns or whatsoever and everything is okay however if this device goes to uh say a wafer setup and it’s scrams a wafer which is worth $100,000 then you have lost $100,000 it’s also not so good so um uh I think uh we should more look at the side of what is the risk which is involved in here and the the risk can be tremendous this is I think the difference uh to many other uh assessments uh concerning software which enables or where it helps actual uh machines to produce something no maybe okay again I shouldn’t say that it’s security expert but functionality first always that’s uh uh if if if you deliver and again it’s it’s actually very interesting in because my perspec so I’ve got lots of Hardware people here again I’m a complete software person I’m no idea of Hardware basically in in the software world if if a user cannot integrate an API seamlessly immediately into their product they will just go somewhere else yeah they call it churn and attrition rate what the big web web companies measure basically so uh but but again uh shift left I think you can actually develop a quite secure product which is very very functional I think there’s no there’s no contradiction there’s so you think that functionality is the prime reender for the in the development for the majority majority of software yes but before I stand corrected of course medical software and a certain automotive and avionics it’s completely different I understand but my my perspective is on average consumer software and their functionality first otherwise you lose money immediately and user experience I think you to make user experience to make it easy to build to build uh good user interfaces and and uh instead of having too many functions and um yeah and therefore software skills and UI skills are extremely important uh for acceptance and the usage and benefit yeah definitely oliv it did you want to yeah user experience uh few minutes ago the keyword Hardware was said by you Andreas and user experience has also something to do with trust and trust you can trust something only if you think you understand it and uh if it comes to dongles so everybody of you knows dongles from I don’t know 1985 with the first PCS there are dongles protect the um uh PC software for being pirated but a dongle today is really a piece of U trust anchor it’s a system that is uh with limited complexity that can be evaluated that can be tested um that can be really secure while complex systems in the cloud even on a PC or on a server they are so complex with so many components uh on the software side that nobody can uh evaluate really and try and and and guarantee some kind of security so a a small piece of Hardware as a trust anchor is very valuable even in applications with the cloud where the edge devices or the endpoint devices have a secure identity and something that is easily uh uh put into such a small Hardware device so and uh many people thought that dongles will disappear of course the dongle for CAD software on your office PC that you have a dongle connected to each PC in the office you will not see that anymore you have that either on the server or you using software based licensing for such applications but it comes for industry applications giving a machine a secure identity that is used for t uh for for for predictive maintenance for communication of the machine with the back end that makes a lot of sense to have such a small Hardware that is trusted and secure I know we were speaking about this last night we were I’m going to capture the conversation now because this is actually I I find it quite fascinating um if if again if you look into this sort of Ideal model I sketched with the machine learning life cycle and I told you that there are lots of different parties involved uh uh legal entities physical boundaries and computational boundaries um if you look at a little bit at the the literature over the last last 10 years there’s a significant portion uh of Publications which actually show how to use what Oliver just called trust enablers um in these uh distributed settings yeah so there’s um maybe I just throw a name there’s a very interesting paper it’s called perun P Ru n perun and they actually show how they use uh a mixture of for example the TPM chip uh Intel’s sgx enclav technology and and some other things to make sure that the entire machine learning chain is secure yeah so the TPM but it call it could be any trust en basically uh for for having some Hardware assisted route of trust for all the cryptographic keys because if you got lots of data owners you need lots of different Keys basically because uh the data will be encrypted under the different Keys um if you want to make sure that maybe certain parts of code run in an environment you can control you use something what we learned this morning uh code shifting in a cloud setting maybe people use some enclav technology the hypers scal is to provide this so it’s actually very very fascinating because uh uh lots of distribution lots of virtualization lots of making things completely digital but then people actually really want to have Hardware rooted security back yeah ranging from small cryptographic or Hardware tokens up to huge rack scale Hardware security modules or for Enterprise scale cryptographic Key Management so it’s actually quite an interesting development over the last 10 years oh sorry yes yeah glad that you mentioned TPM uh this little trusted platform module is more or less now mandatory in uh industrial PC or Edge gateways so we think we expect especially for the CIA that the hardware has to have a TPM on it uh and and serve as a trusted route for applications and the certificates um we as a we’re not building Hil is not building Edge gateways or industrial PCS but we are we are getting it from Big producers such as advantech in Taiwan and but we have to make sure that IND the Manu IND in the factory where we um transfer our operating system onto this Hardware we also deploy the certificates and and really prove and get a certificate on that that it’s all compliant with CIA etc etc so I can imagine that a standard TPM will act as a a trusted route for different applications on such devices and um so definitely there it became more more important and uh we have customers now who ask to uh provide their own certificates in this Hardware so we have to interface our Factory with their environment to get those certificates because they need it on the device to communicate with their cloud and I’m sorry oliv please just and and what I also observed is um staying with the TPM again uh five years ago it was basically rocket science to use a TPM I I don’t know if anybody ever tried to program a TPM it’s it’s it’s the interface is was quite nasty uh but uh actually now uh these days they just released uh um high level interfaces for python basically so making it much much easier to to use these things and that’s actually one thing I think which is very important for also for companies like viu that the Technologies become really easily usable uh also by maybe not highly proficient developers yeah and uh we have seen this morning that uh the codem containers the licenses so where the software vendors or device manufacturers stores the licenses and conditions it can be software based by activation with our with this encrypted and signed license file which is bound to a fingerprint of the target system if the target system has a TPM module it will be bound to that TPM module as well so we are using that as a uh security anchor then for binding the software based license or it’s in the dongle with a security controller like in your passport or it’s in the cloud well with uh we of course we need to trust a little bit the cloud operator where the Cloud Server is hosted that’s one point another point I would say uh in regard to trust um if you make a security solution that seems to be complicated and nobody un understands exactly what is done it’s very hard to get the trust so many years back we got the German it security award in a research in a in a collaboration project together with kit and fzi here in cars with our prur box protection scheme and um we win the first prize in the highest Award of German it security price that was €100,000 EUR what we got for that and uh what we did is we published all the mechanisms that we are using for protection so the customer who is familiar with these Technologies can himself understand against which attacks this protection scheme provides security and against which attacks it cannot help and the basic at the end that the that the protection is working is that the cryptographic keys are kept and stored in a secure way that they can be not compromised if it’s a private key or if it’s a symmetric key and they cannot be manipulated that’s the basic root of trust and security and I think uh security by obscurity will not work so we need to publish the mechanisms we are using so that people and companies can trust our technology it does seem to be that um you know for the past five six years all anybody’s spoken about when it comes to software security is software but it does seem to be that hardware and certainly physical elements such as dongles ET seem to be coming back as people really want to you know and companies really want to have something physical in terms of Hardware security don’t you think yeah definitely you think I mean I mean if if I I bet at least some of you got like UB key or something sure that’s that’s where we see it sort of oh sorry that’s where we see it in the consumer space UB keys and definitely all this Hardware assisted trust at least if you’re here catino manufacturer then they took a lot of effort to to get uh to get trust into this Hardware into the entire ecosystem basically yeah it’s also surprising for me I have to say but it’s customer driven um so the customers uh feel more confident if they have something in their hands even it’s small uh and uh it’s it’s more like I believe more this little device rather than I believe what is in the PC industrial PCS are a little bit an exception because you can Custom Design them and this is mostly done uh and so there is a higher level of security already involved um but uh the truth is that the dongle is not the dongle is dead the dongle is alive where do you where do you think we’ll be in about 10 years if we continue you know this use of Hardware I think one secret is that um uh there are not so many uh say CPU producers in the world which are substantial um and uh there’s probably a resistance uh to believe this huge manufacturers but there’s more belief in small piece of Hardware which comes from a small company uh and you know what they have built in there so uh I think it’s more psychological uh way because from the technical side I think uh companies like Intel they can uh provide other levels if they want to um but uh if you have something which can be custom made for yourself and now I’m talking as a customer so to speak um then uh I feel better uh I feel like uh this is for my customers there’s my logo on the dongle and I’m responsible for that towards the customer I cannot uh reroute the responsibility for my product to Intel which I don’t want to do uh so this is more like psychological Point apart from all the nice super features you have on the d uh well I think look at 10 years in the future um everything will at least at the factory level Industrial Level everything will be IP uh because at the moment um there are new Innovations happening also in Europe in Germany um so uh industry is looking at new standards of connecting devices and sensors called SP single pair ethernet which is two via technology or about 1,000 M uh possible to connect sensors to a controller or an IP network and um in the process industry it’s called APL Advanced Physical layer uh so uh it will change a lot because it’s cheap it’s easy it can be installed almost everywhere and there is no 5G needed 5G is dead as far as industry is concerned big companies have start to remove their 5G 5G demonstrators so every bit everything in the factory will be hardwired will be single pair Eon net and the protocols even things such as iink will disappear the concept of having a sensor description in a digital way is great but everything will happen at the IP level and then everything can deploy this way uh to sensors to activators and maybe even combined to the cloud so it will be a very homogeneous environment where you have those mechanism I mean even contain ERS and and deployments and Docker uh where does it come from it come from it and and data centers where you deploy web servers on the Press of a button and talking about virtualization of hardware and all that will play a major role in the future and the IT technology I made a bet with my former boss I I said it will overtake OT because of the the the the flexibility and everything and I think many field bus protocols will just disappear and will be replaced by native API and gigabit Ethernet and a very homogeneous environment to deploy apps and software we even see that in in automotive area where the in Germany we have this many uh control units in the car while a Tesla or the Chinese ons they have one powerful computer in the car and connect uh devices without intelligent so two two completely different concepts yeah one more Point uh and I like that you’ve mentioned that 5G is dead uh there was I think the idea behind this was that uh we save all the wiring uh uh but um uh uh my experience is on the shop floor there’s a big hesitation to really connect to the public internet this is shop is closed and it will be closed it will stay closed also in 10 years um uh because you cannot afford that you know if you have four production lines running in parallel like 50 m long if that they stop just because of an incident this is way too much money so and with this new technology uh which is then old cable technology so to speak uh you have way more flexibility but still you need to make sure that the data you uh sent over these wires are complying to what you have specified so you still need to have mechanisms to ensure the SEC security and integrity of the data what are the different transport layer on the different transport yeah yeah yeah exactly exactly yeah so you need to use the I think the ISO model still holds on this end uh and then you have to you know start a level three or four in order to make five on on this level to make this sure yeah um I want to move on a little bit uh from talk about Hardware to uh secure software licensing which is obviously you know quite a a huge area to talk about um and especially I’d like to start with you Oliver what opportunities do you think that um secure software licensing opens up uh for instance through extending Target groups through customizable products or what have you yeah uh in when we started in 1989 we did software protection for PC software today we see software everywhere we have software list features and functionality in all kind of devices and that opens of course markets to new areas and uh areas where you didn’t think of software licensing have we seen three samples today 3D printing data okay you are licensing not the software you’re licensing the the IP for the of the product that can be produced that is something new um protecting AI models is might be another one protecting the digital twin and uh the information in this AAS in this asset application shell is something in the future that will happen but if we go not so far if we go to samples that are already in place today you can go to sensors in the past one of our customers they produced huge Varity of different sensors and of course the customer orders the sensor that is currently not on stock but other sensors the customer doesn’t are not order ring is on stock so that’s a bad situation and they have to produce many many different parts today uh this company is reducing the hardware variant very much and they configure the functions of the sensor using software licensing at a later time sometimes even at the C only at the customer side when the customer installs the sensor and switch it on the first time or or operates it the first time then the sensor really gets uh the configuration what type of sensor it is of course that it’s only possible within a certain limits of the of the uh visibility of of the of the hardware what the hardware can do but that is new business models and new applications that will extend our business a lot so I would actually support Oliver here um so specifically with respect to to AI models so again doesn’t really matter whether it’s an image classifier or some generative AI uh license based or cryptographically enforced Access Control uh is one of the most important features because as I tried to explain to you earlier oh sorry for being so patronizing uh the way we build these models at the moment uh there’s a very interesting paper which is called blackbox attacks are always practical which basically means you cannot at the very moment from a theoretically theoretic perspective uh protect your models against an adversary because the adversary can always ask questions your customer can always ask questions yeah in the worst case I give you some examples what could happen in the worst in the easy in the best case you just lose money because you built a product and you have no control how people access it uh in the worst case as it has just been documented a couple of months ago uh the adversary only needs to ask three four questions to extract a terabyte of training data get that yeah so that you ask questions and it spits out not the exact training data but 99.999% data which is very uh similar to what was used for training purposes remember it’s a statistical model so it answers with a very high degree of statistical Precision yeah so it and people have shown that it’s possible uh so uh and as I tried to explain at the moment we have got no idea how to uh there are no algorithms at the moment which are robust against adversarial attacks yeah and coupled with that you want to make your models accessible to your customers so you need to start thinking about how you have enforce API access control over them and then couple that with um some license-based model because you want to generate money yeah and maybe also you want to have a license model which allows you to ask more fine granular questions to your model so your Bronx user he can ask some questions but he only gets an answer with a limited degree of precision which is good enough for him yeah and maybe your Silver Star customer gets um an answer with 95% precision and gold star gets 99% precision and at the moment there are not many solutions who can actually uh deliver this fine gr Access Control coupled with uh licensing conditions yeah yeah you are right and uh so extracting the AI model with clever questions is possible one of our BL box protection mechanisms is something like a speed limit so against FR fors to limit the number of encryptions per time interval that are allowed and then you then there is a delay so something like that could also help to protect AI models that inquiries from a from One Source uh are limited to uh number of inquiries that are useful and that make sense in in normal usage but avoid that somebody is trying to make many inquiries in a short period of time just for the purpose of uh getting IP let me ask I mean what kind of Licensing models do you think think will dominate in the future so um as we started uh our subscription model for special form of development license which we have in our product line uh like six six years back or so six or seven years back we thought that oh this will be you know appreciated uh it was appreciated but only by a few people MH so it was appreciated by the people who develop uh in the cloud who use Dockers uh who are at you know front edge so to speak uh and where the companies actually allow that this also something which we have to keep in mind and and they are still then Happy users uh but it wasn’t appreciated by super broad audience yet this way uh because there’s so much I would say well I love what I’ve doing the past 10 years or the past 20 years and uh my company has not changed the way I should develop so I’m happy with that uh what I see in the future is that we have to provide more options so we have to provide more possibilities for our customers and uh to provide them uh the way of Licensing they are needing needed uh but uh the traditional way of Licensing like per machine or per seat or per instance will not go away this will stay the the next 10 years for sure if you ask me what is the level on which level it will stay I would probably say it will gretly go down but for sure it will be still more than 50% um together with viu uh we uh developed uh um a dungle free uh um licensing model suitable for Edge devices and so this gives us the freedom you know to deploy almost any licensing model or subscription model customers like so why not giving them the choice you know either you pay a a Perpetual license a one-time fee so we sell our Binet Tab app for say 365 onetime fee and one year support why not offering let’s say for 10 or 15 EUR on a monthly fee annual uh subscription and then just continue if we have the mechanisms why not you know uh it’s something I think the market has to decide and it makes a difference if you start to play around with this software spend 10 or 15 EUR a month and maybe if you even can cancel it on a monthly basis which reduces the risk and the the invest uh so I think we we will play around and see what what fits and even um feature-based licensing if you have a basic subscription why not offering additional features uh with a little extra money you know per month or a year for an interesting feature I think that’s we have to find out and we don’t know yet yeah uh no additions from my side so I think it depends on the market it depends on the application and technically we have the solution to implement more or less every license model you can think of and so the each software vendor device manufacturer need to decide and maybe to try for his business model for his uh Market which licensing is the best but the advantage is that with the the licensing system he can do whatever he likes but it certainly feels that for a very very long time there when we talked software licensing it was very much industrial B2B as opposed to to B to C and it does seem as though those models are starting to end try would you would you agree with that especially when I hear things like weekly monthly license fees I mean that’s not something you would typically here on a B2B scenario yeah that’s coming in B2B scenarios as well but uh it’s existing uh this and payper you schemes as well but you see the opposite way as well if you look to uh your mobile phone bill in the past you get charged for each call you do now you get a flat rate for a monthly fee and you can have unlimited calls so it’s not you cannot say that one business model is the one that will come into the Future and another one not so it will be probably Case by case and in different Industries for different applications it will be different but let’s I me also I mean if we are starting to see this Fusion of um of license um license models how does that rack up against data protection I mean what what what is there us uh usage based license models and data protection I mean how would they fit together good question um if you make a pay-per scheme and you really charge the customer for the usage then it’s the of course the question if you get information about the individual who is using a product and the software and the functionality and how much so that might involve uh data protection issues as well if you’re doing payper use models with with the users because you know then how intensive they are using an application if you do a subscription model I think it’s uh no more problem than you only know who has a subscription but for the paper for all the consumption based license models uh data protection might be an issue and might uh and needs the acceptance of the user yeah exactly so there was a point acceptance of the user if I again I see no contradiction if if it’s clearly stated in the agreements you have or if it’s I mean what does the GDP gdpr say it must be clearly visible to the user that his data is used u in accordance with the offered surf Services yeah with a purpose so there’s there’s no contradiction here and um even if um there are lots of technically or there are lots of possibilities to even have uh analytical evaluation of user Behavior Uh without revealing personal data so lots of things so again we come back to this whole regulation and gdpr and putting stuff in terms and conditions that nobody reads but at least it’s actually down there right pages and pages of it um would you would you say that softwar driven license models have already fully arrived in the industry uh I don’t yeah I don’t think so so uh it has arrived uh but the C customer makes the choice uh the customer has to see an added value and it has to see an advantage in it and if he sees that then he’s open and then he’s asking of course we offer that uh but the acceptance is something which we cannot simply expect uh we have to really look at the requirements uh of the customer and then it goes step by step and you you raised that point I really like that uh uh where are we are we moving from you know from the B2B models to the b2c models I think yes we are um we are learning from the b2c world um and but we don’t know where the journey it will will will take us actually so there are too many open parameters there are too many restrictions which you don’t have in the b2c world in B2 C world you know if the app on the iPhone crashes okay delete it and load a new one uh uh but uh redeliver software to our customers that runs 24/7 so there’s no way out uh that has to comply with many regulation depending which industry you are so um this is a little different uh and um I’m I really having a hard time estimating what will be ahead of us and there’s one more point um I think there’s uh a mixed feelings regarding subscription models we we are used to it in terms of uh enterprise software like sap um but also we have office software like Adobe tools which moved many years uh back from uh you know per model onetime payment to only subscription models and once they’ve done that and everybody was happy they raised the prices yeah to a level which for for private people is more or less out of scope uh so this creates also well in open Words a bad image uh so say not so good feelings on the opposite side you have companies like Microsoft which offer good deals for families so up to five members Microsoft 365 uh you get for say fair price so less of an insurance uh for whatever life per year so what I’m seeing is that uh it’s not really black or white it’s actually a little gray and it’s not sought out uh and I think we will live and we have to live with this diversity and uh as a company who offers Services uh and who offers standard products uh to our customers we have to Simply keep track with what is technically possible and we will of obviously offers these techn uh technical possibilities yeah including encrypting AI model who we’re already using apart from sap we’re using subscription models for example teams you know and we all know what it means if teams had an update and where’s the button so however it’s comfortable and obviously maybe a little bit cheaper than buying the software installing it we used it from the cloud so they advantages definitely but uh in the factory there’s a different setting and different priorities I agree so so yeah it’s still open in if if you look in a factory if you look on a machine maker for example in the machine there are many software components there are Optical there are cameras there are sensors there are many many things so the machine maker maybe sells his machine to to a VW uh on a paper part uh business model or something like that but how to afford that each of the different components and Source in this machine is also licensed with a pper use or subscription based model I think that is uh difficult to handle at least uh in my understanding of today that might change in the future but uh I think it doesn’t make sense in in for all applications to have subscription models it does sometimes feel that um you see subscription based license models that were originally intended to give certain companies data protection uh but now these models are being used in a term in terms of marketing to actually drive Revenue would would you guys agree with that I mean you’ve seen that you mentioned Adobe you’ve seen Microsoft do it I mean a lot of people now or a lot of companies do you know kind of you could buy the software originally now it’s all subscription based license model and then suddenly the price goes up and it’s it’s become more than data protection yeah so um this is what Financial investors would like to see and this is what gets us right back to the very beginning where everybody in Europe and Germany wants to see an immediate return yeah but the the truth is we live in a in in this industrial world we live in a very competitive environment uh so uh uh and usually we are small and medium siiz uh company although we have a global reach as a small company in each of the countries where we do business we have local competitors so we have to stay ahead of the competition that means uh we have to be better in terms of what we provide as benefit to our customers uh but we have also be price competitive so uh we cannot simply switch to subscription model and then raise the prices and everybody will say goodbye goodbye Johnny goodbye so and this will not work uh so um we have to keep up and and and run subscription is an option uh in our uh view um and it needs acceptance by the customer mhm I mean Oliver you are very you know deep into this into this area can you foresee a point when these licensing models simp simply become a way to be able to to uh manipulate the customer so it becomes more than what it originally was intended for um I don’t know so U subscription will come for sure but it depends very much on the application but what I’m sure is that for all kind of devices for all kind of products even software itself the product will be more defined by the software the functionality will be defined by the software and it will be tailored to the customer so not the customer needs to buy a huge product and he’s using maybe 5% of the functions in the product but he needs to pay for 100% that might not work I think the products will be more tailored and that’s much easier with software defined functionality together with licensing the vendors have the chance to tailor the product to the customer very easily and of course they can make packages and they can add maybe some data analytics as well so that the software vendor the device manufacturer can understand which features which functions are used more in the product and then spend more effort to make this improve this functions more because many people are using that and other features that are only used uh seldom times and only in small quantity maybe that’s good enough don’t need to improve on on that so that can influence product development as well and improve the improve the quality Andress maybe I’m a bit more cynical than Oliver um so I I I actually think uh from Investor’s point of view maybe a flat fee model is good which it gives the customer very comfy feeling that he gets everything but then because of very good analytics running in the background he’s pointed towards what he or she really thinks he needs and will pay extra uh on that um at least what that’s what you see in the in the consumer world that’s what’s happening um I think what is the key to that uh is that whoever wants to implement these things has got technology which is more or less automatic yeah any you I I I’m really not an expert in licensing but I don’t think you can have very fine granular highly flexible licensing if there’s lots of manual effort involved so you need very high degree of automation ideally your analytic software immediately triggers uh the configuration of your uh of your license server so that even a human is not involved anymore or only for checking afterwards but any step where human would still be involved uh that will be too costly to to have fine granular licensing I completely agree yeah that needs to be integrated very well and seamlessly in the whole business process so everything is done automatically also extension of subscriptions and so on needs to be done maybe if you have payper you schemes that they are automatically um increased and uploaded again in advance so that the user never runs into a situation where he can’t use the product and there’s one more Point uh I mean Tech on the technology side you can do whatever you want so to speak but at the end of the day uh there’s some salesperson going to uh the customer uh and explaining uh this licensing model but if this person’s not able uh to use three sentences to explain it then game is over so Simplicity uh I think is really key it can be complicated in terms of the technical implementation the back rout can be complicated in terms of uh the technology you use to do you know some AI pricing and all that stuff but the basic uh model has to be easy to understood otherwise you won’t sell it so it’s really interesting for me because again I’m a com from a completely different world in my world there’s no more salesperson because your API your service is so good that the customer is immediately sucked into using it and again everything is happening automatically yeah so no no more sales customer just implements it it works and somebody makes money with a licensing schem what’s the time frame for that I I maybe maybe in some Industries the gaming industry this is already happening yeah and yeah look at Tesla you won’t find a shop you buy online so defa the trader in between completely all all fair M uh uh I will talk with my sales personnel and they let them okay well actually let’s let’s let’s bring in I mean we speak about sales let let’s kind of round this whole thing up what role does your aftermarket business play for companies I mean U you said very very early on that service started off as being just given free you would sell the product and you would throw in some kind of service support in order to differentiate Etc but what we’ve basically said is people these days would like to go back to having some kind of physical even if it’s a phone but they want the software and they want everything else to run in the background and they don’t even want to know about it and it just has to work and that’s it but then there’s this after service um uh aftermarket business for compan how does that all bind together I think it’s an important part of it um of course you try you you have to provide self-service portals where people first can find solutions to their problems but also need some reactive response you know to see how they can handle the situation and uh I think it’s it’s very important and and service is I would say half the product not maybe even more yeah and service will be paid uh even in the consumer area looking on looking on your mobile phone uh you can have a a care contract that gives you uh telephone support for uh limited time and then you can extend that to to pay for that and for some customers they don’t need it they throw it away they buy a new one MH other customers want to keep it longer and they are happy if they can get uh support in case of any question or issue and get a good answer uh in a fast and easy way and many of our customers have applications for the aftermarket like diagnostic software for cars for airplanes and so on that’s a huge market so um again I’m not really an expert but um let me share an observation so as some people gathered yesterday evening I’m heavily into music and there there’s actually a product a company um it’s called line six and they they offer a product it’s called The Stomp it’s a little box and it basically provides uh effects to your music it’s digital effects and this product is a hardware piece of product there’s a DSP on it a little processor uh I think it has been on the market for seven eight years maybe but this company they’re really good in providing updates every year so even if you buy this device now and it’s old for piece of Hardware it’s really old um at least musicians have got a very high degree of trust that the company will continue to provide highly valuable updates to this to this product and uh in the in the sort of consumer Music Space there are countless products like this um where and examples where companies failed they sold something after two years anything any support was gone and you lived with an outdated piece of hardware and some companies really succeeded and I wonder actually how they do their calculations because it’s actually quite costly to do that yeah probably one more comment if you look at your phone and look at the apps you have installed uh just try to remember yourself when you have downloaded these apps and for how many years you have these apps on the phone so I think this set the expectations also on the industrial side customers simply expect that support uh one way or the other uh on the software side and especially the example you mentions like um companies buil uh mostly standard ized hardware and the software differentiate differentiate the functionality um then the software is the key which you have to maintain for at least five or 10 years so software development as such has also be a little different and has to take into account what kind of developments will we foresee so to speak what kind of compatibility efforts we have to implement in there uh and how much risk as a producer we can take in order to ensure this compatibility ility and at what level we have to say Okay after 5 years we’re going to charge another 10% or so yeah uh uh and I think this has not been sought out I’m not saying this is all clear now uh I think this becomes more important in the future this the point and in case of uh vulnerabilities or security issues you are even uh legally uh forced to provide updates and patches for your customers for your products I would even point that further um I’ve heard um I didn’t really attend a training on CRA but customers are forced uh to prove that they have also registered for updates for the product they have purchased so it’s not only the the vendor it’s also the user who must make sure has to make sure that they get update uh software security patches for these components they have purchased for say at least 5 years it is one thing that you see where some companies now start to see um Legacy software uh support is now also a revenue generation because not everybody can update not every company can update within a 5 to 10 year cycle um how long would you say just I mean you said 5 to 10 years support just generally I mean so so Oliver what what would you you say for your products I mean you have products in the market how long do you think it’s viable to keep support for them for aftermarket business we do that very very long so and longtime availability longtime support is very important for our customers because we we don’t sell the end user product we sell something that our customer is integrating in his product where longterm availability long-term availability and support is very important so uh looking back we introduced V in 1989 when we started the company even today we provide updates driver updates for vuki uh even we don’t sell webui to new customers but we still have a large installed base and some vendors that have implemented vibu Kei in their product are still purchasing uh viu boxes so the dongles the the old type of dongles so uh it’s still about maybe 100,000 pieces a year that we are selling from this old product that is only for existing products for uh existing customers but of course we do that for COD meter itself and it’s not only updates of drivers and maintenance for the drivers we also uh with codem we have updatable firmware in this uh security devices in this Cod met dongles that is also uh updated from time to time to to give additional functionality and of course if there are any security issues to fix them that means in your company there’s a room which is called Museum and there you have 10 dos computers yeah yeah yeah we have some old computers for testing but um um updating very old versions of drivers that is very tricky and it’s not possible so normally we do that support um we support the old Hardware but we do the support also on vulnerabilities and security issues for the uh upto-date uh driver version and we support some versions back and for example for old operating systems that are no more supported from Microsoft for example if you’re looking back to Windows 7 or even older ones uh in some cases we are offering a long-term support for our customers uh they need to pay a fee for that but uh at the end we are not making profit with that because it’s a huge effort to keep the build systems up and running for this old operating systems and to be able really to compile and to fix something in an old version so what what’s uh I think everybody understands that he must do is of course fixing issues in current versions but fixing issues in old versions that’s a tremendous effort and we do that in some cases uh for extra fee of the customers yeah and I I think this is really a trade-off a vendor has to make now but it says something about the quality of your Hardware if it’s still running after 25 years so congratulations 35 35 okay what I’d like to do now is see if there’s any questions from the room just for us to to finish off does anybody like to say something please questions no do we have any from online no is there anything further just to just to finish can I ask each the gentleman up here to give a a closing statement then um of what we’ve heard and how we could how you individually would sum up uh the last 120 minutes so so um at the beginning uh you asked what is my take-home value I said well you know one two ideas uh from also the discussion here I took these ideas and um uh one point uh I learned is that uh there was a danger not only with a program code but also with the data to keep to make this in a very plain statement and this is actually true and this reminds me on um uh say paperwork uh which we see from our customers uh more recently where there are security vulnerabilities which has to be addressed and all that stuff um which for or maker of standard software is kind of unusual because the standard software Works a way that uh the real application done at the End customer so and the responsibility usually is at the End customer side but for pre-train models the responsibility is on our side this is one uh point one other point is that um the flexibility on the on the technical side which we see which we have now uh to um cope with the cyber security issues um and I’m also I’m a firm believer that this will be more an issue in the future than today uh uh the risk level is high but it will be higher in the future so it needs to be addressed and this is what I will take home when I have to talk to my Engineers so I would like to finish this um discussion with after these roundtables after after the the talks you had after all the stuff you heard about malware and so you we always tend to go home and think what a what a bad world we are living in but to be honest I personally think our systems have never been more secure than today we just have more of them but uh the technology and uh the achievements we made uh is secure at least from the security domain and also companies like VI over the last 20 years uh is tremendous so we we have never been more secure than now it’s just more complex our goal is in the next 5 to 10 years or in the future really to be the standard of software protection licensing and security so if you say Tempo if you want to get a handkerchief and if you if you think about software licensing software protection you should immediately say code matter and of course we want to create really uh not only uh nice gadgets but uh with our solution we really want to create a business value for our customers and applications that make uh sense for everybody so the use case we have seen this morning with timer trucks and with the spare part production I think is an excellent use case where you can see that it’s not only a business value not uh but it’s also a value for the society or for the environment not to keep 10,000 pieces on stock for 20 25 years then to waste it and if they are needed to to send them by Air Freight around the world so this uh new business model really creates benefits uh to everything to the whole society yeah as I said initially um vibu is uh only a small part of our activities because we’re talking especially in the industrial iot domain we’re talking about open ecosystems dealing with Edge gateways device and application management apps app stores and of course far more shop flow components which also have to be managed somehow Beyond the Edge so but I’ve learned a lot during this event here I was great being part of it and uh I’ve seen how how flexible the whole protection licensing software protection world is and and that we might have the chance to bring some of the flexibility in our business models and see how the market react in principle also um accepting uh the approach the approach in general that there exists an app store where you can buy an industrial app and then deploy it to the edge and see what’s going on that’s Fairly New Concept we are not the only company seens is working in that we are part of different associations open industry 40 there is a new one Margo dealing with interoperability between app stores and deployment platforms creating standards to to define the interfaces between those worlds and and software protection is an important part of that and I’m really curious maybe in one year’s time to come back and see you again and and see what has happened since stand thank you very much okay uh all that is uh left for me to do is to thank the panelists uh Dr Olaf uh monel Dr Andrea Shard um Oliver viten Reed um and uve schn I thank you very much for your time your insights your patience it’s quite hot in here isn’t it so it’s staying cool it is um I also want to thank Oliver uh on behalf of all of us for you know the Ino day Ino days that we have and also your team as well so you know thank you to your team and uh just finally to say congratulations on 35 years of viu systems you must be very proud and uh you know we can see what you’ve done and it’s it’s amazing thank you very much Steve thank you very much to all of you for joining our event and hopefully everybody has uh uh got some ideas and uh what he can do in the future and where he can get benefits for his work for his uh products and for his tasks so thank you very much all of you thank you very much uh Olaf Andreas U for joining on this uh round table thank you Steve for moderating you’re welcome thank you [Applause] for