Wednesday, September 2, 2009

Opening the Black Box: A Source Code Security Analysis Case Study

Originating Page

While businesses often understand the importance of maintaining secure applications, most companies have no idea whether their code is vulnerable or not. Applications have generally been accepted and deployed with no insight into their potential security impact, opening the floodgates for billions of dolars spent on patching systems, preventative technologies, and security services designed to protect against the compromise of flawed software.

We respectfully argue that the first step in assuring applications are secure is to open the black box; to look deep into the source code and identify the security vulnerabilities, design flaws, and policy violations that expose systems to attack. Peering even deeper, this process leads to the organizational root causes of the vulnerabilities, which can be addressed with an application security initiative to improve people and teams, policies and processes, and the technology supporting better software security.

Download the Entire Case Study (No Registration Required)