
CodeAssure Finds and Fixes Security Flaws in Unsafe Applications; Secure Software Introduces Products and Process to Prevent Software Attacks.


WASHINGTON -- Secure Software announces the availability of CodeAssure(TM), a product suite for software developers and security professionals to pre-emptively find, prioritize and fix security flaws before they result in catastrophic breaches. Security flaws and errors found in software are responsible for the exploits that lead to identity theft, unauthorized funds transfer, and fraud, costing the U.S. economy $59.5 billion per year (NIST estimate).

The greatest challenge and greatest opportunity for Cyber Security

Amit Yoran, former Director of the National Cyber Security Division, stated, "The greatest challenge in cyber security exists in retrofitting security solutions on top of fundamentally flawed applications, protocols and platforms. And the greatest opportunity for improving our technology infrastructures exists in improving the quality and security of our software systems and applications. This must be done in both the technology development and security evaluation processes. Innovative and automated technologies and solutions, like those being developed by Secure Software, are pioneering ways to help companies develop more secure technology in house and better evaluate the security of those solutions they are procuring."

CodeAssure's preventative approach uses source and binary code analysis to detect security flaws in software applications, automating what has been a manual, error-prone, and costly process. Built on a continually updated knowledgebase of security vulnerabilities, CodeAssure applies thousands of individual tests and rules to existing and in-development applications. Project teams are also provided with detailed software process guidance and security expertise to build security into software throughout the product lifecycle, dramatically reducing the cost of post deployment remediation.

The weak link in the enterprise - whether buying or building software

John Pescatore, security analyst with Gartner, addressed the application security challenge by stating, "Gartner's research shows that applications are the weakest link in enterprise security. Enterprises need to make sure that both the software they buy and the software they build have focused on avoiding vulnerabilities throughout the development cycle. Testing for security vulnerability also needs to be automated during development and quality assurance to catch vulnerabilities that will still be built into most software for years to come."

CodeAssure is for software vendors, commercial enterprises, and government agencies that need to ensure the security of high-risk code, including outsourced and open source code, middleware, third-party applications, and Web services. Organizations whose critical applications are often targeted for exploit include the financial services, banking, healthcare, and defense/aerospace sectors.

Early customers of Secure Software's products include Trusted Network Technologies, a developer of software-based security products, and The Navy-Marine Corps Intranet (NMCI), the world's largest networked organization, which acquires and deploys 3rd party applications.

For developers - building more secure applications

Trusted Network Technologies, whose products enable enterprises to automatically identify and control who is on their network and what they're accessing, is using CodeAssure to address potential vulnerabilities early in the development process, before the product ever reaches a client. Offered Mark Bell, Vice President of Engineering, "CodeAssure is integrated within our Linux development environment, detecting and providing real-time feedback so we can ensure the integrity of the code base and reduce the overall life cycle maintenance costs. Most importantly, CodeAssure helps us deliver to our customers the quality assurance of a superior product."

Enterprises - Assessing applications for security compliance before deployment

NMCI is applying Secure Software's technology to determine whether specific applications create vulnerabilities and whether they work well under Microsoft Windows 2000 and XP. "I think they have very exciting software," said Captain Chris Christopher, deputy director for future operations, communications and business initiatives in the NMCI Office.

The CodeAssure Suite

CodeAssure's four products provide project teams with security analysis tools for C, C++ and Java. Designed to work within the development environment, CodeAssure is integrated within Eclipse(TM), the open source software development environment from the Eclipse Foundation.

The CodeAssure suite consists of:

CodeAssure Workbench(TM)

Automates the detection and assessment of application vulnerabilities in source code for over 40 classes of vulnerabilities and insecure coding practices. Applies tests from a Knowledgebase of thousands of individual examinations and rules, coupled with extensive remediation information guidance. For analysts, developers and security professionals.

CodeAssure Auditor(TM)

Performs vulnerability detection and risk assessment on complex business applications - including internally developed code, open source, outsourced components, and acquired programs. The Auditor identifies vulnerabilities and policy violations in Windows, Linux, and Java executables, in binary program modules, even when source code isn't available. In-depth information about the exploit potential, and recommendations on how to remediate threats are provided.

CodeAssure Integrator(TM)

Integrates vulnerability testing with other build, test, and quality assurance processes. Analysis results feed the CodeAssure Management Center's centralized application security database, providing visibility to everyone involved in the application development and deployment process. Application assessments can be forwarded to interested developers, analysts, and others.

CodeAssure Management Center(TM)

Provides web-based access to application security status, security policy definition and enforcement, reporting, and metrics across the entire organization.

Secure Software founder and Chief Technology Officer John Viega added, "Application security is now the domain of both software development teams and security professionals, and CodeAssure bridges to both sets of requirements simultaneously." Viega, who coauthored "Building Secure Software," and more than 80 papers on the subject, continued, "If you're a developer, CodeAssure provides security 'blueprint' guidance across all of the roles and activities for the project team, and if you're a Chief Security Officer, you now have the visibility to fully understand application risks, and manage policy compliance against the various governing regulations for your organization."

For additional details on each product component, please visit: www.securesoftware.com/products/

National Institutes of Standards and Technology estimate

About Secure Software:

Secure Software provides application-security products and process technology that helps organizations cost-effectively eliminate security flaws at the source - insecure software code - in legacy, acquired, and new-start applications. Its recently launched CodeAssure product suite automates the discovery and vulnerability analysis for prioritizing and fixing insecure software code, and provides process guidance for building more secure applications early in the development lifecycle.

Based in McLean, Virginia, Secure Software recently received $5.25 million of Series 'A' funding by Charles River Ventures and Valhalla Partners. The company sells its solutions to large government agencies and utilities, financial institutions, healthcare organizations and independent software vendors. For more information visit www.securesoftware.com
COPYRIGHT 2004 Business Wire
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2004, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.


Article Details
Publication:Business Wire
Date:Nov 8, 2004
Words:1040