- Palm unwraps the unlocked 3G Treo Pro
- FTC targets prerecorded telemarketing drivel
- New algorithm offers hope for old routers
- Microsoft hires Seinfeld to bite Apple
- 'White space' spectrum debate to get hotter
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:App Performance | On Demand Security | Networking Solution | SOA | Value of WDS
Start-up Veracode next month will begin offering a software code evaluation service online that will allow businesses to upload their code for a security review and receive it back with suggested corrections the next day.
Veracode, a spin-out from Symantec, which holds an equity position in return for the technology the firm uses, plans to offer an on-demand service called SecurityReview, for which official pricing has not been announced. Matt Moynahan, co-founder and CEO, says the goal is provide an analysis of submitted code at the binary level to point out flaws, preferably before they end up in working applications. Firms competing against Veracode include Fortify.
“This service is about application security, whether Web-based or back office,” Moynahan says. “Our binary code analysis engine looks at software whether it’s developed internally, through outsourcing, or independent software vendors.”
The new service is based on an older tool known as the Smart Risk Analyzer developed by Veracode’s chief scientist Christien Rioux, formerly with the security firm @Stake, which was acquired by Symantec more than two years ago.
Veracode has decided not to license its code-evaluation tools for use directly by business and government. One reason, Moynahan says, is the training issue. “A tool itself doesn’t solve the problem, there are the people and the cultural issues,” he says.
Consequently, the challenge for Veracode may be gaining the confidence of customers to submit software code online at the Veracode portal. But Moynahan, who expects Veracode to begin offering the service early next month, said the convenience of the automated binary-code security review and quick turnaround will hold appeal for many organizations wanting an independent security review of their applications.
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask to prospective vendors to get the right endpoint solution.
Download the white paper.
Unauthorized applications: Taking back control
Employees installing and using unauthorized applications like IM, VoIP, games and peer-to-peer file-sharing applications cause many businesses serious concern. How do you control these applications?
Download the white paper.
Comment