Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cybersecurity
    • Development

    Tools Block Code-Busting Crooks

    By
    Darryl K. Taft
    -
    December 20, 2004
    Share
    Facebook
    Twitter
    Linkedin

      The concept of adding security to the coding phase of application development is catching on, with new companies delivering tools to help developers test for vulnerabilities early in the process.

      One company is not only delivering tools but also attempting to seed the market with the talent to create secure applications. Ounce Labs Inc., of Waltham, Mass., last week introduced its Secure Foundations Initiative, a program that puts the source code vulnerability analysis software vendor in collaboration with universities to train developers in secure software.

      The Ounce Labs Secure Foundations Initiative has committed software and research grants worth more than $500,000 to launch the program to promote security at schools such as The George Washington University, Southern Methodist Universitys High Assurance Computing and Networking Lab, the United States Military Academy at West Point, and The Center for Education and Research in Information Assurance and Security at Purdue University, said Ounce Labs CEO Jack Danahy.

      “This is a problem we need to figure out how to solve,” Danahy said. “A lot of people dont realize the problem, but there are only about 300 to 500 people worldwide who can do a competent [secure] code review,” he said.

      In May, Ounce released its Prexis tool, which automatically scans source code to analyze an applications security and pinpoint vulnerabilities during development.

      “I intend to use it to have our students run their code through the tool to show them where they may have made some security errors—without any foreknowledge or planning for security in their code—to let them see what are known pitfalls,” said Ron Dodge, director of the IT and operations center at West Point, in New York.

      Julie Ryan, professor of information security management at The George Washington University, in Washington, said, “One of the problems for information technology security is that the market demands that software be developed quick and cheap.” That means less emphasis on coding for security.

      /zimages/4/28571.gifClick here to read an in-depth story on securing applications during development.

      West Points Dodge said an influx of tools to help with security at the development phase would be welcome. “Its like somebody trying to build a fence without a level,” he said.

      Although tools for automating the detection of software vulnerabilities have existed, the space is relatively uncharted. In the next version of its Visual Studio Tools, Microsoft Corp. plans to deliver to developers the ability to check for security vulnerabilities.

      One other company following a similar path is Kenai Systems Inc., of Rocklin, Calif., which last week announced its ExamineST Web services security tool, which provides vulnerability assessment to test for problems with Web services at their development phase, said Bill Kesselring, CEO of Kenai.

      ExamineST allows developers to import WSDL (Web Services Description Language) files and test them for compliance with the Web Services-Security specification and other known vulnerabilities.

      /zimages/4/28571.gifCheck out eWEEK.coms for the latest news, reviews and analysis in programming environments and developer tools.

      Avatar
      Darryl K. Taft
      Darryl K. Taft covers the development tools and developer-related issues beat from his office in Baltimore. He has more than 10 years of experience in the business and is always looking for the next scoop. Taft is a member of the Association for Computing Machinery (ACM) and was named 'one of the most active middleware reporters in the world' by The Middleware Co. He also has his own card in the 'Who's Who in Enterprise Java' deck.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×