- 10 ways the Chinese Internet is different
- Hacker writes rootkit for Cisco's routers
- Verizon snares $678 million federal network deal
- Cisco loses $2 million order to Nortel
- HP buys EDS for $13.9 billion
Hacker writes Cisco rootkit; Microsoft launches online telescope. Listen now!
Wireless dangers at airports. Listen now!
Migrating to a new messaging system is a tedious, complex and risky process. And since this isn’t something you do everyday, you need to know "best practices" to ensure a successful migration.
Get the latest on storage technologies that allow IT professionals to better cope with new IT demands. Learn how storage technologies can help you successfully tackle e-Discover, regulatory compliance, green data center initiatives and the data explosion. Get all the details now.
There are many compelling reasons for virtualizing Windows and Linux applications. Virtualization improves server utilization by allowing you to run multiple workloads on a single physical server. It reduces the number of physical servers you have to maintain, while allowing you to use less physical space and power while still improving scalability. All of these capabilities translate directly into lower costs, less complexity, and greater flexibility in your mixed IT environment. Register below to learn more and be entered to win an Archos 605 Portable Media Player.
The 3G Punch? There have been good 3G phones out for months and months and years.- Anonymous
Software security testing company Veracode announced on Monday a rating service designed to help enterprises determine the security level of the software they are developing and buying.
Called the Veracode Software Security Ratings Service, it is likened by the company to ratings from Moody’s, Standard and Poor’s or Consumer Reports. This service, however, focuses on quantifying the security level of commercial and homegrown applications, in part by using techniques the company developed for its SecurityReview application testing service.
Veracode, a spinoff from Symantec, says there has been no standardized rating of software security because it requires 100% of the application code be made available to the analyst, which software developers are reluctant to do. Still, there is $350 billion worth of commercial software sold annually, according to the company, much of that to enterprises that take serious security risks by deploying code that hasn’t been fully tested.
The company’s binary security analysis inspects entire applications and components for security vulnerabilities without requiring the software developer to expose the source code of an application, officials say. Analyzing compiled binary code in its final form is the most effective way to test and rate the security of an application, including its linked libraries, inline assembly code, and code inserted by compiler-specific interpretations, they say.
The new service is based on industry standards for classifying software vulnerabilities, such as the Common Weakness Enumeration for classification of software weaknesses by Mitre and the National Institute of Standards and Technology, and the Common Vulnerability Scoring System from the Forum of Incident Response and Security Teams, officials say.
Veracode’s Software Security Ratings Service is priced at $5,000 per application.