SPI, Ounce Labs Target Poorly Written Code
SPI Dynamics' SecureObjects gives developers a library of securely written pieces of code to insert into applications; Ounce Labs' Prexis source-code analysis tool measures the number and severity of the flaws found in a given application.Application security specialist SPI Dynamics Inc. on Monday rolled out a new solution designed to help developers lock down their applications during development through the use of secure chunks of code. Also on Monday, a small startup, Ounce Labs Inc., of Waltham, Mass., released the second version of its Prexis source-code analysis tool. While SPI Dynamics and Ounce Labs take different approaches, both companies are aiming at what many security experts see as the root cause of most vulnerabilities: poorly written code. Known as SecureObjects, SPI Dynamics new release will be integrated with Microsoft Corp.s Visual Studio .Net 2003 and is meant to give developers a library of securely written pieces of code that they can insert into their applications in specific situations. Most security vulnerabilities at the code level are the result of common programming errors, such as the failure to check the length of a memory buffer or the input from a Web form.
To remedy this, SPI Dynamics has developed a set of objects, each of which performs a specific function during the application development process. One type of object can be inserted into Web applications to check the incoming data on Web forms. The object compares the data against a pre-determined set of rules that governs what types of input are allowed. A second kind of object handles all of the security events generated by the other objects in the solutions library.