Checkmarx touts innovation in secure coding

Checkmarx announced technology this week that the company describes as an innovation in secure coding. Static code analysis tools have been used to fight software vulnerabilities but they require that a project be almost completed before scanning can take place, according to the company. The Checkmarx Virtual Compiler lets source code be scanned in real time without using a compiler, giving developers, auditors, and security professionals capabilities for secure coding and fixing flaws at the earliest stages of development, the company said. Most security issues can be traced to code vulnerabilities, Checkmarx said.

This makes security repairs to code costly and nullifies the benefits of static analysis. Security auditors, meanwhile, can conduct audits any time on the code base without having to emulate a developer's environment. "The Checkmarx Virtual Compiler means developers can finally fix code on the assembly line instead of having to wait until the software is almost out the door," said Checkmarx CTO and founder Maty Siman in a statement released by the company. Checkmarx Virtual Compiler lets developers scan un-built code so static analysis can be performed earlier in the development lifecycle, Checkmarx said. Usable in any stage of development, the product supports Linux, Windows and Solaris and languages such as Java, C/C++ and Salesforce.com Apex. This story, "Checkmarx touts innovation in secure coding," was originally published at InfoWorld.com. Checkmarx is offering a free trial of its code analysis, accessible.


Google Search Page Gets a New Look

Google has introduced a new version of the search engine's home page, which features a sleek fade-in effect that hides all the elements of the page except the logo, search bar, and the buttons. The rest of the elements of the page, such as links to Gmail, Documents, News, Maps, Shopping, etc., will be revealed with a fancy fade-in effect when you first move the cursor on the screen. When accessing the main Google search page, you will only see the Google logo (or the doodle of the day) and the super-sized search bar (introduced a few months ago) with the search buttons underneath.

Google's new search homepage is now even less crowded, in comparison to Bing, the competing search engine from Microsoft, which overlays different images under the search bar daily and features search queries of interest. The search company says it tried about ten versions of the fading homepage and chose the current one based on "user happiness metrics". Some of the earlier versions of the fade-in Google homepage had an even more minimalistic approach, with the search buttons hidden at first. The fading Google homepage was first noticed a few months ago, when Google was experimenting with different designs. The final version of the fading homepage is now being introduced to Google home pages around the world. Google also introduced a better format for image search results earlier this week. Google explains in a blog post that it was concerned with the time to first action on the new homepage, which could confuse users initially. "We want users to notice this change... and it does take time to notice something (though in this case, only milliseconds!). "Our goal then became to understand whether or not over time the users began to use the homepage even more efficiently than the control group and, sure enough, that was the trend we observed," the Google team explained.

The new image search layout will show a larger image and additional smaller images alongside. In a previous update in November, Google also introduced Image Swirl, which brings layers of similar images into searches.

Grassley seeks proof of jobs from H-1B applicants

WASHINGTON - One of the U.S. Senate's leading critics of the H-1B visa program, Sen. Charles Grassley (R-Iowa), is asking immigration officials to toughen their demands for evidence from companies hiring visa workers. Grassley wants IT consulting companies that hire H-1B workers at third party client sites to prove that there is work waiting for them. The timing of his request to the U.S. Citizen and Immigration Service (USCIS) is no accident, nor is Grassley's interest.

In a statement accompanying the release of his letter to Mayorkas, Grassley said that "Employers need to be held accountable so that foreign workers are not flooding the market, depressing wages, and taking jobs from qualified Americans. Asking the right questions and requesting the necessary documents will go a long way in getting out the fraud in the H-1B program." About a year ago, Grassley released a USCIS study that found either evidence of fraud or other violations in one out of five H-1B visa petitions. His letter to USCIS Director Alejandro Mayorkas, released Tuesday, also comes just prior to the start of the new fiscal year, Oct. 1, and the release of 66,700 H-1B visa petitions, a number well short of the cap, applied for since April 1, the start of the annual petition process. Five months after USCIS completed its fraud study, federal officials arrested about a dozen people and charged them with fraud. One of the cases involved a New Jersey company, Visions System Group Inc., alleged to have set up shell offices in Grassley's home state. The U.S. recently expanded the case; the company is fighting the charges in federal court. Grassley said in his letter that the USCIS should be asking, "companies up front for evidence that H-1B visa holders actually have a job awaiting them in the U.S.," and not end up being "benched," or unpaid until work is found.

In response, a USCIS official said Mayorkas has received the letter and will respond to it. Grassley is also seeking information on the progress the USCIS has made on a number of other issues addressed in the fraud report, including job duties that differ from those described in the petition and failure to pay prevailing wages. Grassley's letter urging tougher steps comes at the same time that some immigration attorneys have complained of stepped up enforcement efforts this year, especially with requests for more evidence to support a petition. Grassley, along with U.S. Sen. Richard Durbin (D-Ill), has introduced legislation that would toughen the rules on the H-1B program, and impose a number of restrictions, especially on Indian firms and their ability to use large numbers of visa holders without hiring a proportional number of U.S. workers. The U.S. can issue up to 85,000 H-1B petitions under the cap, with 20,000 set aside for advanced degree graduates of U.S. universities.

IT employment is down generally, and with it, demand for the visa.

Microsoft defends its anti-malware software after Symantec piles on

Microsoft is defending the merits of its free Security Essentials anti-malware software after a top Symantec engineer badmouthed the new release. "Microsoft Security Essentials provides real-time protection that uses behavior monitoring and reputation services to help identify the malicious software as soon as it emerges in the ecosystem and then uses the Dynamic Signature Service to make the newest definitions available virtually real-time, without having to wait for the next signature download," Microsoft said in a statement. Earlier in the week, Jens Meggers, vice president of engineering for Norton products, claimed the newly released Security Essentials is just an unimpressive recycling of Microsoft's discontinued Live OneCare technology for Windows desktops. "It's just stripped down OneCare," Meggers said, citing a report from Dennis Technology Lab that compared Norton AntiVirus 2009 to Microsoft Security Essentials and deemed Norton stronger in malware defense by about a 2-to-1 margin (the test was sponsored by Symantec). Microsoft expressed disappointment in Symantec's claims but did not rebut each of Meggers' remarks. In its statement Microsoft said it "continues to advocate for a defense in depth strategy that includes the use of anti-malware software, but also includes protections such as firewall and user account controls like those found in Windows, browser security like that in IE8 and continuous updates like those provided through Microsoft Update." Microsoft indicated it is offering Microsoft Security Essentials for free because "we still see far too many consumers worldwide that do not have up-to-date protection either because they cannot afford it, are concerned about the impact the suites will have on the performance of their PCs, or because they simply do not realize their AV software is not up to date."
Offering its software for free, said Microsoft, "will remove some of the barriers in the way of consumers having quality anti-malware protection today."