Login

Please login to Techworld.com

Forgot password?
Need your new account confirmation email resent?
Forgot email?

Not a member yet?

Register for a Techworld Account and enjoy unlimited access to our extensive white paper library and exclusive Enterprise multi-user software trials. Account members can also comment on articles and access best practices guides.

Security

Top How-Tos / Advice articles

Coverity and Wind River alliance to squash bugs during development

Software security firms and assurance vendors see value in catching vulnerabilites early in development process

By George V. Hulme | CSO | Published: 11:27, 01 February 2012

Coverity and Wind River have integrated Coverity's security development testing platform with Wind River's embedded software system to bring security into the embedded development process and squash security-related bugs as the code is being written.

In addition, Coverity will provide an edition of Coverity Static Analysis, pre-configured for Wind River Workbench, which means it'll support both Wind River Linux and Wind River's VxWorks real-time operating system.

The idea, argues Zack Samocha, senior director, product management at software development testing firm Coverity, is that catching flaws early in the development process is more cost effective than letting them slip into production, a view that has been long held among software security and assurance vendors.

"Development firms are always under pressure to produce, and get their products to market," says Samocha. "This integration helps them to catch and fix security vulnerabilities quickly and early in the process, without slowing down development," he explained.

SCADA

Software is spreading like the plague. It's infecting phones, cars, household appliances, medical gear, office equipment and even TVs. And where software spreads - such as to Supervisory Control And Data Acquisition Systems (SCADA) - internet connectivity is sure to follow.

The challenge we've seen in recent years - even in highly controlled environments - is that these systems are susceptible to attack just as traditional applications are. This creates risk and opportunity. The risk is that critical systems will be found vulnerable, perhaps a Stuxnet-like attack strikes crucial systems in Europe or the US. And therein resides the opportunity for security and software quality and assurance firms to reach a growing new market.

Coverity Security Research Laboratory

Embedded developers are going to need all of the help they can get. VDC Research Group recently published a report that shows more than 50% of engineers who were surveyed expect the products they'll be developing in two years will have web components. That's a jump of 20% from current projects underway today.

"Anyone who develops embedded systems should take a lesson from what happened with software and operating system vendors in the past decade: they became targets of both bad guys and security researchers who evaluated those systems for flaws," says Pete Lindstrom, research director at Spire Security. "There's no reason to believe SCADA and other embedded systems will be any different."

With that in mind, Coverity also recently announced the formation of its Coverity Security Research Laboratory. The Coverity lab will investigate the cause of both existing and new security related defects, Samocha says.

Send to a friend

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.