Digital Security has launched the Eliminate Vulnerable Code (eVc) project, an initiative designed to eliminate insecure code.
The project uses crawler tools to detect insecure code, as well as other forums that contributors can use to send in bad code. After the flawed code has been identified, the Web site or the owners of the code will be given a digest of reports that alert them to the fact that their code is insecure. The reports will not make any direct references to existing products that use the flawed code.
The project does not seek to fix code that is identified as being insecure, and will instead rely on a number of potential sponsors and members from Web sites, universities, and open source projects to correct the code.
The Open Web Application Security Project is one of the organizations that could collaborate with eVc.
Veracode's Chris Eng lauds eVc, saying efforts to eliminate insecure sample code are worthwhile. However, he notes that the problem of insecure code may be too big for eVc to handle. Eng says the amount of insecure code that is being posted to Web forums alone is so high that it is overwhelming qualified application security experts.
From Dark Reading
Abstracts Copyright © 2012 Information Inc., Bethesda, Maryland, USA