[SC-L] Dark Reading - Discovery and management - Security Startups Make Debut - Security News Analysis

[Kenneth Van Wyk]

Ok, last software security news item for today, I promise.  :-)  This  
article (see
http://www.darkreading.com/document.asp?doc_id=115110&WT.svl=news1_1)  
is about a couple of new startup companies.  One of them in  
particular, Veracode, may be of some interest here.  The article  
says, "Veracode, founded by Chris Wysopal and other former executives  
of @stake, is now offering patented binary-code analysis of software  
for enterprises that want to analyze their software's security on a  
regular basis. The ASP will also offer security reviews of enterprise  
products and security analysis of third-party apps for software  
developers."

The article also provides some counterpoints, including some from  
Gary McGraw, that are worth reading.  Among other things, Gary says,  
"However, if you want real security analysis you have to go past the  
binary, past the source code, and actually consider the design."

Opinions on binary vs. source code (and design!) analysis, anyone?

Cheers,

Ken
-----
Kenneth R. van Wyk
SC-L Moderator
KRvW Associates, LLC
http://www.KRvW.com




-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://krvw.com/pipermail/sc-l/attachments/20070122/6b347892/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
Url : http://krvw.com/pipermail/sc-l/attachments/20070122/6b347892/attachment.bin