"Numerous security tools on the market today perform static analysis, penetration testing and security audits on application code that has already been written. But what if you could stop vulnerabilities before they reach the code stage?"
HP and IBM (rivals) are competing to develop measures designed to improve code security early in the development life cycle. HP's Comprehensive Applications Threat Analysis (CATA) and IBM's own similar initiative ... they took Buffer Overflow and SQL Injection as examples of possible vulnerabilities that can be avoided. HP claims that their success depends on the human expertise and skill of HP's consultants. It looks like people with good experience in estimating coding faults (penetration testers with coding experience) would do well for HP's initiative ... and we will have to look out for code released by companies with the help of HP's or IBM's expertise.

Another interesting question is which vulnerabilities they would address, apart from the two mentioned above, that are introduced in the early development phases of software.

Further details at: http://www.devx.com/security/Article/44978
