A new software release from Secure Software Inc. is designed to make it easier for organizations doing software development to spot and resolve security flaws in raw computer code.
Secure Software, based in McLean, Va., planned to release in late June CodeAssure 2.0, the latest edition of its automated code security auditing technology. The upgrade includes CodeAssure Management Center, a tool that will make it easier to manage users and projects, said CEO Kevin Kernan.
CodeAssure is sold as a suite with modules such as CodeAssure Workbench, an automated vulnerability discovery and assessment tool, and CodeAssure Integrator, which integrates vulnerability testing with standard development processes such as code builds, testing and quality assurance.
The product works with both the Java and C programming languages and machines running Windows, as well as Red Hat Inc.s Red Hat Enterprise Linux and Novell Inc.s SuSE Linux and some versions of Unix, Kernan said.
The new Management Center component lets managers track vulnerability trends, prioritize code fixes, set and enforce policies for fixing vulnerabilities, monitor the status of code review projects, and create reports and business impact assessments of individual projects or project portfolios.
CodeAssure can be used as a plug-in with the Eclipse open-source IDE (integrated development environment) from the Eclipse Foundation Inc.
Microsoft Corp. said in June that it was working with SPI Dynamics to integrate its DevInspect and SecureObjects into Visual Studio 2005 and Visual Studio 2005 Team System to help developers create more secure Microsoft .Net Framework-based Web applications.
At Sourcefire Inc., of Columbia, Md., an IDS (intrusion detection system) vendor, researchers use CodeAssure to locate vulnerabilities in open-source programs such as Sun Microsystems Inc.s OpenOffice software, said Matt Watchinski, director of vulnerability research. Vulnerability information from CodeAssure is used to build signatures for Sourcefires IDS products, Watchinski said.
CodeAssure 2.0, available now, starts at $48,000 for a 10-developer deployment.
Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.