Signal 42 - Information Technology News
CityClubCasino.com - Get 7 times match bonus upto $100 per day!
BingoFantasy.com - Get $5 Free!
RaceTrackCasino.com
Bingo777.com - Get $5 Free!

Pulse Of The Web


Technology News Archive
April 2007
February 2007
January 2007
December 2006
November 2006
October 2006
September 2006
August 2006
July 2006
June 2006
May 2006
April 2006
March 2006
February 2006
January 2006
December 2005
November 2005
October 2005
September 2005
August 2005
July 2005
June 2005
May 2005
April 2005
March 2005
February 2005
January 2005
December 2004

Technology News Feed Add Information Technology News Feed to Google
Add Information Technology News to My Yahoo!
Add Information Technology News to My MSN!
Information Technology News Feed Syndication
We support:

Apache
XFree86
Cygwin
Linux Documentation Project
CURL
GNU
ProFTPd
Sudo-ftp
Sudo

Useful Tutorials:

PostgreSQL
FreeBSD
Python
GCC
PHP4

  

Ounce Labs and Aspect Security Publish Report on Open Source Vulnerability Analysis


Wednesday, 15 February 2006

Ounce Labs, the leader insoftware security assurance solutions, and Aspect Security, the applicationsecurity specialists, today released "Opening the Black Box: A Source CodeSecurity Analysis Case Study." The report describes a detailed source codesecurity review of a popular open source application, ways specific flawsmay affect users, security trends of open source development, andguidelines that professionals should use for verifying the security ofapplications within their organization.


Primary authors of the publication are Jack Danahy, founder and CTO ofOunce Labs, and Jeff Williams, founder and CEO of Aspect Security as wellas Chairman of the Open Web Application Security Project (OWASP)Foundation. They document a detailed security verification of Azureus, thepopular open source BitTorrent client, by Aspect's team of applicationsecurity experts supported by Ounce Labs' advanced source code securityanalysis technology.


The Ounce Labs' analysis engine took under an hour to scan Azureus' 200,000lines of source code and identify vulnerabilities and potential designflaws in the application. Aspect's team used these results as part of itsunique application security verification process and documented details ofthe most critical vulnerabilities. This process is explained step-by-stepin Opening the Black Box to give organizations guidance on how to implementa software security assurance initiative for their own applications.


"Our security verification of Azureus found it to be resilient to attacksfor the most part, and security mechanisms have been well-implementedwithin the code," said Williams. "Verification is not simply findingvulnerabilities. We used Azureus as a test case to demonstrate acost-effective process for ensuring that applications are secure enough totrust with your business. These efforts also provide tremendous insightinto your organization's capability to produce secure code."


"This report demonstrates a process proven to successfully reduceenterprise risk caused by insecure software, although the vast majority ofcompanies have almost no insight into how secure their applications are,"said Danahy. "Layers and layers of network security are worthless ifapplication flaws and policy violations expose critical data to attack. Weare presenting a way to remove software risks that companies can beginimplementing immediately."


Jeff Williams will join Ounce Labs every hour during the RSA Conference inbooth number 215 to present findings from the Opening the Black Box report.Aspect will also be exhibiting in Ounce Labs' booth as a featured partner.


"Opening the Black Box: A Source Code Security Analysis Case Study" isavailable free to the public at Ounce Labs' booth or atwww.ouncelabs.com/openbox.


The Azureus Team volunteered their application as a test subject for thisproject. Their support during the process and permission to publish resultsof this study are greatly appreciated. More information about Azureus canbe found at http://azureus.sourceforge.net/.


About Ounce Labs, Inc.


Ounce Labs™, the leader in software security assurance, deliversproducts that allow customers to verify that software meets their definedsecurity requirements. Ounce Labs' enterprise-level automated source codeanalysis provides reliable vulnerability metrics necessary to managesoftware risk, enforce security policies, enhance audit capabilities, andtrack compliance efforts. Based on patents-pending Contextual Analysis™technology, Ounce Labs' products also pinpoint specific software designerrors and coding flaws to simplify remediation during any phase of thedevelopment lifecycle. Founded in 2002, Ounce Labs is located in Waltham,Massachusetts. For more information, please visit www.ouncelabs.com.


About Aspect Security, Inc.


Aspect Security specializes in web application and web services security.Aspect's expert staff is responsible for the security of financial,healthcare, biotechnology, e-commerce, Fortune 500, and government webapplications. Aspect provides code review, penetration testing, policydevelopment, and developer security training services to find, diagnose,and eliminate vulnerabilities in custom web application code. Aspect isprivately held and headquartered in Columbia, Maryland. To contact AspectSecurity call 301-604-4882, visit us on the Web at www.aspectsecurity.com,or write to info@aspectsecurity.com.


OUNCE LABS CONTACT:Chris McCleanOunce Labs781.547.7031 (o)617.571.8945 (m)Email Contact


ASPECT CONTACT:Bill HustedAspect Security, Inc.301-604-4882301-775-5545Email Contact


SOURCE:  Ounce Labs

Source: marketwire


All trademarks and copyrighted information contained herein are the property of their respective owners.



Related Articles


  
Best Voip Service Providers



Order SunRocket

From $16.60, unlimited minutes with 12-month prepay.

Rating:

Free Uniden cordless phone, no activation fee!




Order Packet8

From $9.99 (special promotion), unlimited minutes, no contract!

Rating:

Save Over $120!




Order ViaTalk

From $15.95, unlimited minutes with 24-month contract

Rating:

Free Exxon-Mobil gas card!




Order Netzero

From $14.99 unlimited minutes, no contract!, 3 months free.

Rating:

Get Three Months of NetZero VoIP Free!
Security News
Smith Micro to Acquire Ecutel Systems, Inc. Bringing Seamless Network Roaming and Secure Connectivity to Enterprise Customers
10 February 2007
Siemens Partners with Crossbeam Systems to Deploy Carrier-Class Unified Threat Management Equipment for Global Customers
21 January 2007
McAfee Inc. Extends Stock Options Exercise Period Due to Trading Blackout
14 January 2007
McAfee, Inc. Commences Action to Amend Certain Stock Options of Former Executives and Certain Current Directors
9 January 2007
Vulnerability Advisory: McAfee, Inc. Solutions Protect Against 11 Newly Disclosed Microsoft Windows Vulnerabilities
13 December 2006
Sunbelt Software Announces Top Ten Spyware Threats for November
13 December 2006
Online Security
Online Security
Voip News
Vistula Communications Is Selected by Northamber PLC for the Sale and Distribution of Its IP-PBX VoIP Platform in the UK
17 February 2007
Citrix Receives INTERNET TELEPHONY(R) Magazine's 2006 Product of the Year Award
16 February 2007
IP Telephony the Dominant Choice for Enterprise Voice in 2006
15 February 2007
Vocalscape Releases Load Balancer for VoIP Networks
10 February 2007
TeleTech Receives INTERNET TELEPHONY(R) Magazine's 2006 Product of the Year Award
30 January 2007
Global Crossing's VoIP Solutions Support Colorado's Fast-Growing Alpine Access
20 January 2007
VOIP Service Providers - Who is the Best Voip Provider ?
VOIP Service Providers - Who is the Best Voip Provider ?
Telecom News
SiRF Brings SiRFstarIII(TM) Pizzazz to Price-Conscious GPS Platforms
18 February 2007
Nurun Announces Record Revenues and Net Earnings Since 2000
17 February 2007
Comtech Group, Inc. to Present at Roth Capital Partners 2007 'OC' Conference on February 20th
17 February 2007
Towerstream Expands Los Angeles Network Offering High Speed Wireless Broadband to Additional Area Businesses
17 February 2007
Extreme Networks Delivers Innovative Wired and Wireless Network for Colorado's Brighton School District
17 February 2007
Evolving Systems Launches Tertio(TM) 7 Service Activation at 3GSM World Congress in Barcelona
17 February 2007
Telecom News
Telecom News
Hardware News
SiRF Teams with Skyhook Wireless to Deliver GPS-WiFi Hybrid Positioning to Accelerate Location-Based Services
13 February 2007
SiRF and Openwave Team to Bring Advanced Location Offering to Wireless Operators
13 February 2007
Pericom Semiconductor Reports Q2 2007 Financial Results
13 February 2007
Sierra Wireless introduces HSUPA product line
13 February 2007
Callidus Software Reports Fourth Quarter 2006 Results
13 February 2007
Andy Middleton Appointed Managing Director of NUR Europe
13 February 2007
Computer Hardware Online - Computer Hardware Info
Computer Hardware Online - Computer Hardware Info
Smart Cell News


Storage News


Elecoronics News
National Semiconductor to Announce Third Quarter Fiscal 2007 Financial Results on March 8
17 February 2007
Consumer Demand for Advanced Functionalities Drives Set Top Box Semiconductors Markets
17 February 2007
OmniVision Introduces 1/10 Inch VGA Camera Chip
17 February 2007
NAM TAI ELECTRONICS, INC. 2006 Sales Up 9%, Operating Income Down 19%, EPS Down 22%; Q4 2006 Sales Down 7%, Operating Income Down 118%, EPS Down 117%
17 February 2007
Electronic Trading of NYBOT Softs Exceeds 48,000 Contracts on Third Day of Side-by-Side Trading
10 February 2007
Panasonic Thailand, One of South East Asia's Largest Consumer Electronic Manufacturers, Deploys Multiple Procera Networks' PacketLogic Appliances
10 February 2007
Electronics Online
Electronics Online




A   B   C   D   E   F   G   H   I   J   K   L   M   N   O   P   Q   R   S   T   U   V   W   X   Y   Z  

Linux Resources   •   Copyright © 2008   •   All rights reserved   •   Signal 42 - Information Technology News   •   Saturday, November 22nd 2008
Advertise   Contact Us  Submit your PR