• United States

Start-up looks to lock down code

Feb 06, 20062 mins

Executives at start-up Mu Security says it has developed a way to make network products and applications more secure.

A start-up backed by $4 million in venture funding and a team of former Juniper Networks executives says it has developed a way to make network products and applications more secure. Mu Security says its vulnerability-assessment product lets customers test their products with known hacker techniques, letting them fix bugs before products are put into use.

The unnamed product, which is expected to ship by year-end, emulates millions of known hacker attacks and integrates this ability into the quality-assurance processes, says Ajit Sancheti, co-founder and CEO of Mu Security

The product could be used by companies to test third-party software before purchase or to certify configuration changes and software patches, says Joe Furgerson, vice president of marketing.

Mu Security would not say whether the product will be hardware- or software-based, but more details will be revealed next month, Furgerson says.

Software vendors such as Microsoft have spent a great deal of time and money during the past few years to build security into their product-development process, and the benefits of secure software development in the enterprise are now better understood, says Melinda-Carol Ballou, program director for application life-cycle management software with IDC. “Mainstream organizations are beginning to wake up to the fact that, ‘Yes, if I coordinated this as part of a best-practices approach from the beginning, it’s going to save me money in the long run,'” she says.

Software vendors such as Fortify Software, Secure Software and Ounce Labs sell similar products, which analyze software’s source code for security flaws. Widely used integrated-development environments such as IBM’s Rational products and Microsoft’s Visual Studio Team System are beginning to focus more on security, Ballou says.

But unlike these products, Mu Security’s offering does not concern itself with source code, Sancheti says. “What we’re doing is looking at a system like the world would, like the hacker would,” he says.

Mu Security’s management team includes many executives behind the OneSecure intrusion-detection appliance, which in 2002 was purchased by NetScreen Technologies, before NetScreen was acquired by Juniper Networks. Sancheti and CTO Kowsik Guruswamy worked on OneSecure, and Ferguson is a former Juniper executive.

Founded in March 2005, the company employs a staff of 20. Mu Security’s investors include venture-capital firms Accel Partners and Benchmark Capital.