Microsoft coders get bug-checking tool
Published: 10 Feb 2003 10:20 GMT
Microsoft developers now have a new tool to help them catch security bugs in their own code.
A plug-in created by security firm Sanctum, scheduled for release in March, will be the first to easily integrate with Microsoft's development platform Visual Studio .Net. The tool, AppScan Developer Edition 1.5, can be run on Web applications in real time to catch common programming flaws.
"The cool thing with the integration with Visual Studio is that, because it's there in your face, you run it early and you run it often," said Michael Howard, senior programme manager for Microsoft and the author of the company's textbook on secure programming. "You can find issues before they get far down the development path, before they become expensive to remove."
The announcement comes as Microsoft moves into the second year of its "Trustworthy Computing" initiative, the most visible part of which is its push to heighten product security. Last year, the company spent more than two months and $200m training its own developers in secure programming.
Tools like Sanctum's go a long way toward moving that training outside Microsoft to the independent developer community, said Michael Kass, product manager for Microsoft's .Net Framework.
"There are two sides to Trustworthy Computing," Kass said. "First, training our developers and making sure that we ship more secure applications. The other side is evangelising best practices."
Until now, Sanctum had primarily been providing products to security consultants and network auditors, which would use AppScan 3.5 to test Web sites and applications for commons security flaws. With AppScan DE 1.5, Sanctum is moving its product up the development chain to catch bugs early, said Ben Straley, the company's product marketing manager.
"The way that we look at the application lifecycle is that there is a role for (testing) at every stage," he said. "Moreover, (AppScan DE 1.5 is) not just a useful testing tool, it is an educational tool as well."
AppScan DE 1.5 goes on sale in March. No price has yet been announced.
Let the editors know what you think in the Mailroom.
Did you find this article useful?
39 out of 90 people found this useful
- Share this article:
