LogicLibrary's BugScan Becomes First Application Development Security Tool to Be Evaluated by ICSA Labs.
LogicLibrary(R), the leading provider of software asset management tools, today announced that ICSA Labs, a division of TruSecure Corporation and the industry's leading independent security testing firm, has completed a comprehensive evaluation of LogicLibrary's BugScan. ICSA tested BugScan, the security component in LogicLibrary's strategy for managing assets throughout the software development lifecycle, in the areas of documentation, platform security, functional security and logging. The ICSA public evaluation report said BugScan is "useful to quality & assurance testing, security personnel and application programmers."
LogicLibrary's BugScan is a second-generation, automated code security scanner that provides 100 percent code coverage, requires no knowledge of the application being analyzed and is fast, scalable and reliable. BugScan gives customers the ability to detect the classes of bugs that have caused major disruptions for many businesses in the recent past, such as Blaster, Nimda and Code Red.
"In today's IT environment, where software assets are being used and reused as part of enterprise-wide service-oriented architecture (SOA) projects, it is imperative that application vulnerabilities be identified and eliminated at the beginning of the software development lifecycle," said George Japak, vice president of ICSA Labs. "Application-scanning technology helps ensure the highest levels of security at the onset of the design and development process. LogicLibrary's BugScan is an easy-to-use application security analysis tool that addresses many of the common security vulnerabilities present in today's applications."
LogicLibrary's BugScan is able to analyze internally developed programs, as well as commercial off-the-shelf software (COTS) and 3rd-party components. Customers simply submit binary code to BugScan for evaluation. Test results are stored in software asset records within the Logidex metadata repository. Developers, architects and QA users can then view these results to determine whether an asset meets specified security requirements. Eliminating vulnerabilities at the start of the development process can save companies time, money and reputation.
"Conventional forms of application security do not protect businesses from bugs and coding errors that are inadvertently 'baked in' to software during development," said Greg Coticchia, CEO of LogicLibrary. "By addressing security at the start of the development process, LogicLibrary's BugScan enables customers to eliminate vulnerabilities before applications are deployed. This takes on even greater importance with the emergence of service-oriented architectures, which rely heavily on software components being reused on a frequent basis. Businesses must be confident that their software is clean and secure. ICSA Labs' evaluation is an important milestone for LogicLibrary's BugScan."
About LogicLibrary's BugScan
Acquired by LogicLibrary in September 2004, BugScan performs automated security analysis of native binary code in order to determine specific vulnerabilities, location of coding errors and problem severity at the onset of the design and development process. Analysis results are presented in a simple, comprehensive report that, in addition to identifying problems and severity, presents remediation advice. This process ensures that software is fundamentally secure and provides a significant advantage to enterprises developing and reusing software assets in service-oriented architectures (SOAs) and as Web services.
About ICSA Labs
ICSA Labs, a division of TruSecure Corporation, offers vendor-neutral testing and certification of security products. Hundreds of the world's top security vendors submit their products for testing and certification at ICSA Labs. The end-users of security technologies rely on ICSA Labs to authoritatively set and apply objective testing and certification criteria for measuring product compliance and reliability. The organization tests products in key technology categories such as anti-virus, firewall, IPSec VPN, cryptography, intrusion detection, PC firewall, content security, SSL-VPN and Wireless LAN. For more information about ICSA Labs, please visit: http://www.icsalabs.com.
LogicLibrary is the leading provider of software and services that make it possible for enterprises to manage and reuse software development assets (SDAs). The company's patent-pending technology provides a comprehensive and collaborative approach for creating, migrating and integrating enterprise applications for use in service-oriented architecture, Web services and other software development initiatives. Additionally, LogicLibrary's BugScan provides powerful, easy-to-use application-scanning technology that helps architects and developers ensure the highest levels of security at the onset of the design and development process.
LogicLibrary has been positioned in the "Leader" quadrant in Gartner Inc.'s Magic Quadrant for Metadata Repositories, 2004(a) and maintains strategic partnerships with Microsoft, as a Premier member of the Visual Studio Industry Partner (VSIP) program, IBM, as an Advanced PartnerWorld Partner, and Serena. LogicLibrary has been recognized the past two years on the SD Times 100 list of leaders and innovators in the software development industry and has integration partnerships that include Microsoft, IBM/Rational, Eclipse and Borland. LogicLibrary is headquartered in Pittsburgh, with additional offices in Rochester, MN and Sunnyvale, CA. For more information, visit www.logiclibrary.com.
LogicLibrary and Logidex are trademarks of LogicLibrary, Inc.
All other brands and product names are trademarks or registered trademarks of their respective companies.
(a) Magic Quadrant for Metadata Repositories, 2004; Michael Blechar; March 5, 2004.