Checkmarx announced technology this week that the company describes as an innovation in secure coding. Static code analysis tools have been used to fight software vulnerabilities but they require that a project be almost completed before scanning can take place, according to the company. The Checkmarx Virtual Compiler lets source code be scanned in real time without using a compiler, giving developers, auditors, and security professionals capabilities for secure coding and fixing flaws at the earliest stages of development, the company said. [ Microsoft also has focused on security for application development. | Keep up with app dev issues and trends with InfoWorld's Fatal Exception blog. ] Most security issues can be traced to code vulnerabilities, Checkmarx said.
This makes security repairs to code costly and nullifies the benefits of static analysis. Security auditors, meanwhile, can conduct audits any time on the code base without having to emulate a developer's environment. "The Checkmarx Virtual Compiler means developers can finally fix code on the assembly line instead of having to wait until the software is almost out the door," said Checkmarx CTO and founder Maty Siman in a statement released by the company. Checkmarx Virtual Compiler lets developers scan un-built code so static analysis can be performed earlier in the development lifecycle, Checkmarx said. Usable in any stage of development, the product supports Linux, Windows and Solaris and languages such as Java, C/C++ and Salesforce.com Apex. This story, "Checkmarx touts innovation in secure coding," was originally published at InfoWorld.com. Checkmarx is offering a free trial of its code analysis, accessible.
Follow the latest in developer trends at InfoWorld.com.
0 comments:
Post a Comment