
Around the (Route 128) World in (About Two) Days



David Rubinstein
October 31, 2012 — (Page 2 of 7)

Pushing security onto developers
The second stop (after a fine lunch in the cafeteria of an office building in Waltham) was at Veracode, maker of code-analysis software for ensuring that applications don’t have vulnerabilities.

Veracode recently acquired Marvin Mobile, whose expertise in software vulnerabilities reaches into mobile devices. The importance of this, according to Veracode vice president of research Chris Eng, was brought to light by the recent leaks of personal information from mobile applications.

“BYOD [Bring your own device] is the new space people are having trouble with,” he said. “Apps are being brought into the workplace, and users are receiving downloads and updates” on devices that are also being used for work.

One of the questions that arises in discussions of software security—and why, after being written about and talked about for a decade, common techniques such as cross-site scripting and buffer overflows are still effective—centers on who in the application life cycle ultimately is responsible for security.

“Organizations are pushing accountability onto developers,” Eng said. This, he noted, is also important in organizations that are doing agile development and continuous delivery. “Developers need to learn what the issues in software are so as not to have to go through a whole test cycle,” which slows down the process of delivering software, he said.

Eng said he has seen organizations take the approach of passing fixes down to subsequent sprints, depending upon the length of the sprint. Organizations, he said, must decide which fixes are critical and which can wait till the next drop, since agile development means a fix can get out in a matter of weeks rather than months. He recommended that companies have someone from the development security team—or “security champions” created by the organization for their development teams—be in on each sprint kickoff to ensure security is a consideration throughout development.

Marvin Mobile’s technology, Eng said, gives Veracode the ability to scan devices for malicious applications, to run apps in a sandbox before sending them out to devices, and to check devices to see what they are connecting to. But he said that machine learning is a critical piece, as the technology can identify malware, then variants of that malware or new malware based on similar behaviors.

Veracode was to release a report on the state of security around the end of October.

