Veracode's SecurityReview Now Available in the UK

Veracode has announced a further innovation – comprehensive detection of backdoors and malicious code. Veracode is the only company to offer application code reviews on a software-as-a-service subscription basis. Veracode's SecurityReview is the first solution to enable organisations to discover security flaws in software automatically, without releasing their valuable source code. Whether a company is buying or building software, Veracode helps improve the security quality of applications without the need to hand over precious intellectual property, by providing comprehensive identification and remediation of the security flaws contained in binary code, the very foundation of today's software applications.

The addition of the new backdoor detection capability further strengthens Veracode's position as a true trailblazer in the application security arena. Backdoors are often included in programs by developers for seemingly legitimate purposes but are increasingly being exploited by hackers to compromise applications. Research from the US Department of Homeland Security points to a significant risk from backdoors, and 23% of software packages used by US government employees have backdoors built into them.

As the complexity of modern software applications increases, with applications assembled from reusable binary components, backdoors can easily circumvent even the best of QA cycles, resulting in the need for a more complete and accurate approach to software security testing. Veracode's binary software testing, which provides 100% coverage as opposed to the partial coverage of today's source code-only analysis solutions, is uniquely positioned to tackle the backdoors and malicious code challenge by offering a complete, independent security verification of an entire software application.

On the back of extensive research, Veracode has developed the first comprehensive taxonomy of backdoors so that organisations and application developers can better understand how to detect these hidden threats. Veracode has found that the average time to discovery of a backdoor inserted in open source software was measured in weeks. Backdoors in commercial "closed source" applications went undetected for years, putting company and individuals' personal data at risk.

SecurityReview is now fully available in the UK.



© 2008 Computing News