At what point in software development do you consider incorporating protection mechanisms?
The most protections mechanisms are making program code difficult to understand and hard or even impossible to debug. So the rule is: (1) your product should run unprotected well with a high quality of clean design and the ability of easy debugging, tracing, performance-monitoring etc. (2) Then this code is added by protection mechanisms, for example, the hash of a loaded module is checked before the code in the module can be started. Ideally such protection mechanisms are described as specific properties with parameters and added automatically by a protection tool at binary level of the executable file. If such tools are modifying the source code this should be done on a "release code level" copy of the source code which is not used to add later features etc.
The rule of thumb is: your overall design of your application is planned from begin on with clean and easy-to-manage code but with the integration of specific protection mechanisms, which are actually added after the design and test phase of the application is completed.