Category: Application Quality

Was Lack of Proper Code Analysis Tools a Root Cause of Juniper Networks Security Backdoors?

With the advancements of both cloud and mobile technologies, security remains a hot topic for every company. The number of reported instances of security backdoors due to faulty code or hardware continues to stagger. A recent article by Wired has brought forth another one of these unfortunate issues for a big player: Juniper. This technology giant has been providing networking and firewall solutions to companies, corporations, and the government for a number of years.

As a leader in networking technology, the last thing you want to hear is that a tech powerhouse like Juniper has found an application security problem. Two security issues were identified after a code review session outside of the company’s normal evaluation cycle. Security continues to remain a primary concern as more companies, government agencies, and even individuals rely on technology providers to manage data or maintain smooth operations.

Blackphone Update Removes Critical Security Threat: Did Code Quality Issues Contribute to the Problem?

As reported in a recent article by InfoWorld, a high profile privacy driven smartphone provider located a security hole capable of exposing their devices to attacks. Blackphone is a specially designed smartphone developed by SGP Technologies, who operates as a subsidiary of Silent Circle. The phone uses VPN for Internet access and runs on a modified Android version titled “SilentOS”. A third-party component Silent Circle used as part of the device design was capable of exposing the secure smartphone to outside attacks.

What Was the Security Issue?

The vulnerability made it possible for an attacker to control the modem functions of the phone. Researchers brought this problem forth when they identified an open socket accessible on the phone during a reverse engineering exercise. Currently, Blackphone is one of the most secure phones on the market because it uses built-in encryption to deliver secure:

  • Voice Calling
  • Text Messaging
  • Video Conferencing
  • File Transfers
Software Risk: Executive Insights on Application Resiliency

Software risks to the business, specifically Application Resiliency, headline a recent executive roundtable hosted by CAST and sponsored by IBM Italy, ZeroUno and the Boston Consulting Group.  European IT executives from the financial services industry assembled to debate the importance of mitigating software risks to their business.

The Importance of Checking Software Risk and Software Quality: A Wake-Up Call to Firms Across the Globe

If you've read the news lately, you've seen headline after headline (some, even on our blog) about computer glitches, technical failures, software risk, and hacks.  The health of applications is now under more microscopic attention than ever before - because no matter whether internal or external causes prompt a software outage, the security and stability of your applications are paramount.

Is Application Security Risk a Result of Outsourcing?

There’s a common belief in the software development space that when companies choose application outsourcing of their projects, the control they relinquish by doing so results in lower application quality and puts their projects at risk. Once again, however, CAST’s biennial CRASH Report, which reviews the structural quality of business critical applications, has disproved this theory.

Software Quality is More than Good Code

Over the past decade, advancements in static analysis tools from both commercial and open source communities have dramatically improved the detection of developer violations of good coding practices. The ability to detect these issues in coding practices provides the promise of better software quality.

Agile-Waterfall Hybrid Best for Structural Quality According to CRASH Report Findings

For the last half-decade, a debate has raged over which project management method reigned supreme – Agile or Waterfall. To determine which held the advantage, some looked at the management techniques and fluidity with which projects were completed, others judged the debate by pointing to the structural quality of the applications being developed.

Poor Software Quality Impacts Application Security

Dr. Carol Woody of SEI was recently featured on a CISQ webinar about the correlation of software quality and software security. Her lessons on this topic highlight why software security cannot be something added after-the-fact, it must rather be factored into the development of software applications from the moment coding begins.

This is a lesson that companies such as Sony need to learn. While past breaches like the ones carried out by the LulzSec group in 2011, affected their customers and cost them dearly in terms of reputation and reparations, the one they suffered late last year hurt them much closer to home when cyber criminals breached Sony’s entire network and threatened to expose all stolen data.

Five Reasons You MUST Measure Software Complexity

There’s an old adage in the IT industry – you can’t manage what you can’t measure. Knowing how complex an organization’s application portfolio is provides insight into how to manage it best. The problem is the issues that comprise software complexity – legacy system remnants, antiquated code, overwritten and rewritten code, the integration of formerly proprietary applications, et al – are the same things that make measuring it difficult.

With multiple system interfaces and complex requirements, the complexity of software systems sometimes grows beyond control, rendering applications and portfolios too costly to maintain and too risky to enhance. Left unchecked, software complexity can run rampant in delivered projects, leaving behind bloated, cumbersome applications. In fact, Alain April, an expert in the field of IT maintenance, has stated, “the act of maintaining software necessarily degrades it.”

Closing the Back Door thru Code Analysis

Have you performed code analysis on your software recently? If not, you are in good company as many companies are failing to do the one thing that could improve their software security – making sure the software isn’t vulnerable to an attack to begin with.