Security practices take focus off programmers and onto systems
October 11, 2012
Security concerns grow every day for application developers. With public-facing Web applications, mobile devices and wireless connections everywhere, sometimes software can feel as though it's being built with a target on its back. But a host of new security solutions from the likes of Denim Group, Sonatype and Veracode are attempting to rectify security concerns throughout the development process.
Traditionally, software development security has been handled with code scanners like Coverity and FindBugs. But such tools have been hampered by false positives, as well as their reliance on end developers to keep all security concerns in their own corner and to both find and solve these problems themselves.
John Dickson, CEO of the Denim Group, said that his company understands the gaps that exist in the software development security life cycle. To this end, the Denim Group has created ThreadFix, a process-based solution that he claimed can solve the systemic problems with application development security.
“The market is growing quite a bit,” said Dickson of the software security assurance market. “What we've seen with our enterprise customers is that when they have over 500 applications, they're struggling to look at this in a programmatic way. They bought a bunch of Fortify, but they're struggling to get coverage of their application portfolio.
“What ThreadFix does is it helps to address the challenge of getting a software security process up and running. You have all these different teams scanning code or live applications, and it collects all the data from these different scanners and helps the security analyst through the process of turning these into actionable items.”
Thus, ThreadFix has hooks into popular code-scanning and security tools, and offers a central place to track all discovered security issues. This gives managers a single place to observe all of the security concerns around an application portfolio, and to track the correction of these bugs through additional hooks into the source-code repositories.
Dickson said ThreadFix was created to address what he sees as a major problem in enterprise application security. “We're starting to see that application vulnerabilities persist far longer than network vulnerabilities. These vulnerabilities will sit out there for months at a time. For the most part, network vulnerabilities are fixed in a matter of days or weeks. In the application-level world, it's weeks or months. Part of the reason is [enterprise application developers] don't know. If they knew and were able to quantify those vulnerabilities, they would be fixed sooner.”