[SC-L] Dark Reading - Discovery and management - Security Startups Make Debut - Security News Analysis

Mon, 22 Jan 2007 11:13:51 -0800

Ok, last software security news item for today, I promise. :-) This article (see http://www.darkreading.com/document.asp?doc_id=115110&WT.svl=news1_1) is about a couple of new startup companies. One of them in particular, Veracode, may be of some interest here. The article says, "Veracode, founded by Chris Wysopal and other former executives of @stake, is now offering patented binary-code analysis of software for enterprises that want to analyze their software's security on a regular basis. The ASP will also offer security reviews of enterprise products and security analysis of third-party apps for software developers."
The article also provides some counterpoints, including some from Gary McGraw, that are worth reading. Among other things, Gary says, "However, if you want real security analysis you have to go past the binary, past the source code, and actually consider the design." 

Opinions on binary vs. source code (and design!) analysis, anyone?

Cheers,

Ken
-----
Kenneth R. van Wyk
SC-L Moderator
KRvW Associates, LLC
http://www.KRvW.com







Attachment:
PGP.sig

Description: This is a digitally signed message part


_______________________________________________
Secure Coding mailing list (SC-L) [email protected]
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________






















					Reply via email to