Secure coding attracts interest, investment
Monday, 24 May 2004 18:05 EST
A new product from computer security firm @stake Inc. will help developers search computer code for errors, security holes and other flaws that malicious hackers can use to break applications -- and break into computers. On Monday, @stake, of Cambridge, Massachusetts, will unveil SmartRisk Analyzer, an application security modeling and analysis tool that scans computer code written in the C, C++, and Java languages for flaws such as buffer overflows that, if left undetected, pose security risks for customers using finished software products.
Using a technique it calls "deep binary analysis," the new product examines the program after it has been compiled, that is, translated from source code into the machine code the processor actually executes (or, for Java, the bytecode the virtual machine runs), rather than the source text the developer wrote.
Working with compiled, as opposed to uncompiled, code allows SmartRisk Analyzer to spot flaws that may only appear when the application interacts with services on an operating system, said Chris Wysopal, vice president for research and development at @stake. Those include interactions with security APIs (application programming interfaces), cryptographic APIs or network file services, as well as improper input validation and so-called "backdoors" that would allow malicious hackers to secretly compromise machines, he said.
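As an added illustration of why looking at the compiled artifact matters (example code written for this page; it is not @stake's SmartRisk Analyzer and not its "deep binary analysis" method, which the article does not detail), the script below reads the ELF64 header and program headers of a Linux binary and reports three properties that exist only in the built image and never in the source: whether the executable is position independent, whether it asks the loader for a non-executable stack, and whether any loaded segment is both writable and executable. The two sample images are constructed inline with struct so the script runs offline; the function names and the particular checks are this example's own choices.

```python
"""Minimal ELF64 hardening checks that read the compiled image, not the source.
Hypothetical example code; not @stake's product or analysis method."""
import struct

ELF_MAGIC = b"\x7fELF"
ELFCLASS64 = 2
ELFDATA2LSB = 1
ET_EXEC, ET_DYN = 2, 3
PT_LOAD = 1
PT_GNU_STACK = 0x6474E551
PF_X, PF_W, PF_R = 1, 2, 4

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")   # Elf64_Ehdr, 64 bytes
PHDR = struct.Struct("<IIQQQQQQ")           # Elf64_Phdr, 56 bytes


def analyze_elf(data: bytes) -> dict:
    """Return facts about the binary that no source listing can show:
    position independence (e_type), stack executability (PT_GNU_STACK)
    and any PT_LOAD segment mapped both writable and executable."""
    if len(data) < EHDR.size or data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    if data[4] != ELFCLASS64 or data[5] != ELFDATA2LSB:
        raise ValueError("only little-endian ELF64 is handled here")
    (_, e_type, _, _, _, e_phoff, _, _, _, e_phentsize, e_phnum,
     _, _, _) = EHDR.unpack_from(data)
    if e_phentsize != PHDR.size:
        raise ValueError("unexpected program header size")

    gnu_stack_flags = None
    wx_segments = []
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + PHDR.size > len(data):
            raise ValueError("program header table runs past end of file")
        p_type, p_flags, _, p_vaddr, *_ = PHDR.unpack_from(data, off)
        if p_type == PT_GNU_STACK:
            gnu_stack_flags = p_flags
        elif p_type == PT_LOAD and (p_flags & PF_W) and (p_flags & PF_X):
            wx_segments.append(p_vaddr)

    return {
        "pie": e_type == ET_DYN,
        # Linux treats a missing PT_GNU_STACK as a request for an executable stack.
        "nx_stack": gnu_stack_flags is not None and not (gnu_stack_flags & PF_X),
        "wx_segments": wx_segments,
    }


def build_elf(e_type: int, segments: list) -> bytes:
    """Constructed sample: an ELF64 image made of a header plus the given
    program headers (p_type, p_flags, p_vaddr). Not loadable, but it is
    exactly the part of a real binary that analyze_elf reads."""
    phdrs = b"".join(
        PHDR.pack(p_type, p_flags, 0, vaddr, vaddr, 0, 0, 0x1000)
        for p_type, p_flags, vaddr in segments)
    ident = ELF_MAGIC + bytes([ELFCLASS64, ELFDATA2LSB, 1, 0]) + b"\0" * 8
    header = EHDR.pack(ident, e_type, 62, 1, 0, EHDR.size, 0, 0,
                       EHDR.size, PHDR.size, len(segments), 0, 0, 0)
    return header + phdrs


# Constructed samples: a hardened PIE and a weak non-PIE with RWX text and stack.
HARDENED = build_elf(ET_DYN, [
    (PT_LOAD, PF_R | PF_X, 0x1000),
    (PT_LOAD, PF_R | PF_W, 0x3000),
    (PT_GNU_STACK, PF_R | PF_W, 0),
])
WEAK = build_elf(ET_EXEC, [
    (PT_LOAD, PF_R | PF_W | PF_X, 0x400000),   # code and data in one RWX segment
    (PT_GNU_STACK, PF_R | PF_W | PF_X, 0),      # executable stack requested
])

if __name__ == "__main__":
    for name, image in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, analyze_elf(image))
```

To run it against a real binary, pass open(path, "rb").read() to analyze_elf; the checks cover little-endian ELF64 only and deliberately stop at the header level, so they are a small sample of what a binary analyzer can see, not a substitute for one.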