acm-header
Sign In

Communications of the ACM

Home/News/Like a Spellchecker for Developers: Automated Detection.../Full Text
ACM TechNews

Like a Spellchecker for Developers: Automated Detection of Security Vulnerabilities in Cloud Applications

By Fraunhofer-Gesellschaft (Germany)
June 3, 2021
Comments
View as: Print Mobile App Share:
The CodeShield logo.

CodeShield software uncovers security vulnerabilities and fixes them using automated methods.

Credit: CodeShield GmbH

CodeShield software can detect and patch security bugs in cloud applications, by automatically analyzing vulnerabilities in the program code.

Developed by the CodeShield spin-off from Germany's Fraunhofer Institute for Mechatronic Systems Design (IEM) and Paderborn University's Heinz Nixdorf Institute, the software discovers and visualizes vulnerabilities in real time, said Fraunhofer IEM's Eric Bodden.

CodeShield employs a so-called fingerprinting method, in which Bodden and colleagues download open source software components from the cloud and calculate a fingerprint for each element; this identifier allows insecure code to be recognized immediately if it is integrated within an app again later.

CodeShield also performs efficient daily dataflow analyses, and its false-positive rate is lower than 5%. Bodden contrasted this to the 70% to 80% false-positive rate of many information technology security tools.

From Fraunhofer-Gesellschaft (Germany)
View Full Article

 

Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA

 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account