Microsoft turns to automatic code checks
Published: 27 May 2004 12:25 BST
When Microsoft needed help in taming the large number of flaws that had crept into its Windows operating system, it looked to technology known as "static source code checkers" and a company called Intrinsa.
Intrinsa's product, known as PREfix, analysed the code created by developers and flagged potential errors for them to triage. The software giant found the program so helpful that it bought the company for $60m (£32.9m) in 1999. Today, a handful of other developers of similar products hope to convince customers to use their programs to check code for security flaws.
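To make concrete what a static source code checker reports to a developer, here is an added example that is not PREfix and not code from Microsoft or Intrinsa: a deliberately small, lexical checker in Python that scans a constructed C snippet for string functions with no length argument and for printf-family calls whose format argument is not a string literal. Real tools such as PREfix simulate execution paths across functions and reason about values; this example only shows the shape of their output (a line number and a reason) and the kind of defect they catch. The rule set and the sample C source are assumptions constructed for the illustration.

```python
import re

# Rule set for this toy checker (an illustrative assumption, not PREfix's rules).
# Functions that take no length argument at all: every call is reported.
BANNED = {
    "gets": "reads without a bound; use fgets()",
    "strcpy": "copies without a length; use strlcpy() or snprintf()",
    "strcat": "appends without a length; use strlcat()",
    "sprintf": "writes without a length; use snprintf()",
}

# printf-family functions and the position of their format argument; a format
# that is not a string literal may be attacker-controlled (format string bug).
FORMAT_ARG = {"printf": 0, "fprintf": 1, "sprintf": 1, "snprintf": 2, "syslog": 1}

CALL_RE = re.compile(r"\b([A-Za-z_]\w*)\s*\(")


def split_args(text):
    """Split the text following a call's '(' on top-level commas.

    Commas and parentheses inside double-quoted C string literals and inside
    nested calls are not separators. Returns the list of argument strings.
    """
    args, cur, depth, in_str, i = [], [], 0, False, 0
    while i < len(text):
        ch = text[i]
        if in_str:
            cur.append(ch)
            if ch == "\\" and i + 1 < len(text):   # keep escaped char verbatim
                i += 1
                cur.append(text[i])
            elif ch == '"':
                in_str = False
        elif ch == '"':
            in_str = True
            cur.append(ch)
        elif ch == "(":
            depth += 1
            cur.append(ch)
        elif ch == ")":
            if depth == 0:                          # closing paren of this call
                args.append("".join(cur).strip())
                return args
            depth -= 1
            cur.append(ch)
        elif ch == "," and depth == 0:
            args.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    args.append("".join(cur).strip())               # call continues on next line: best effort
    return args


def check_source(source):
    """Return a list of (line_number, function_name, message) findings, in order."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for m in CALL_RE.finditer(line):
            name = m.group(1)
            if name in BANNED:
                findings.append((lineno, name, BANNED[name]))
            if name in FORMAT_ARG:
                args = split_args(line[m.end():])
                idx = FORMAT_ARG[name]
                if idx < len(args) and not args[idx].startswith('"'):
                    findings.append((lineno, name,
                                     f"format argument {args[idx]!r} is not a string literal"))
    return findings


# Constructed C source for the demonstration; lines 6 and 7 are the defects.
SAMPLE = r'''#include <stdio.h>
#include <string.h>

void greet(const char *name) {
    char buf[64];
    strcpy(buf, name);
    printf(buf);
    printf("hello, %s\n", buf);
    fprintf(stderr, "len=%zu\n", strlen(buf));
    snprintf(buf, sizeof buf, "%s", name);
}
'''

if __name__ == "__main__":
    for lineno, name, msg in check_source(SAMPLE):
        print(f"sample.c:{lineno}: {name}: {msg}")
```

Run stand-alone, the script reports line 6 (strcpy with no length) and line 7 (printf with a variable as its format) and stays silent on the three safe calls that follow. The point the article makes is visible in the output: the finding is "potential", since a lexical rule cannot tell whether `name` can ever exceed 63 bytes, which is exactly the value judgement a path-simulating tool like PREfix adds and a developer still has to confirm.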
For Microsoft, such tools have become an integral part of its Trustworthy Computing Initiative, which aims to make Windows computers more reliable. The software maker trains 20,000 developers annually in secure programming, but it is the tools that enforce discipline on a daily basis, said Michael Howard, security programme manager for the company.
"We are not seeing the same (security) issues as five years ago," he said. "We have educated people, so they understand these issues, and the tools are a lot better. People are not writing bad code. They are writing better code in the first place."
A handful of other companies have started to sell tools similar to the static source code checker used by Microsoft. Although such tools were developed mainly by academics intent on collecting data about software flaws, these companies believe the programs are now mature enough for commercial use. Moreover, with corporate IT managers fed up with security flaws, many are ready to adopt the technology.
The spotlight on developers has intensified in recent months with the release of a technology-industry plan for better development practices and a report from the Business Roundtable that castigated software makers for failing to produce reliable products. Companies rely on the Internet, whether they are selling online, connecting to partners or just using email. Yet almost 4,000 flaws were found in each of the past two years, according to the CERT Coordination Centre.
"Most of the significant cyberincidents that have harmed American business and consumers over the past several years have had as their root cause defective and readily exploitable software code," the Business Roundtable, which includes 150 chief executives from large US companies, said in a four-page "Framework for the Future." "Most software development processes used today do not incorporate effective tests, checks or safeguards to detect those software coding defects that result in product vulnerabilities."