[SC-L] Dark Reading - Discovery and management - Security Startups Make Debut - Security News Analysis

Kenneth Van Wyk Mon, 22 Jan 2007 11:13:51 -0800

Ok, last software security news item for today, I promise. :-) This article (see http://www.darkreading.com/document.asp?doc_id=115110&WT.svl=news1_1) is about a couple of new startup companies. One of them in particular, Veracode, may be of some interest here. The article says, "Veracode, founded by Chris Wysopal and other former executives of @stake, is now offering patented binary-code analysis of software for enterprises that want to analyze their software's security on a regular basis. The ASP will also offer security reviews of enterprise products and security analysis of third-party apps for software developers."

The article also provides some counterpoints, including some from Gary McGraw, that are worth reading. Among other things, Gary says, "However, if you want real security analysis you have to go past the binary, past the source code, and actually consider the design."


Opinions on binary vs. source code (and design!) analysis, anyone?

Cheers,

Ken
-----
Kenneth R. van Wyk
SC-L Moderator
KRvW Associates, LLC
http://www.KRvW.com

PGP.sig
Description: This is a digitally signed message part

_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________

[SC-L] Dark Reading - Discovery and management - Security Startups Make Debut - Security News Analysis

Reply via email to