10 Jun 2010
HP is to offer a new service that helps developers avoid common security pitfalls when building applications.
HP Comprehensive Applications Threat Analysis is being offered as part of the company's Secure Advantage portfolio.
The service reviews software plans and architectures, aiming to eliminate security flaws before they are coded in and to make software more resilient through better architectural design.
"Most code is written with security vulnerabilities in it and then you test it, and that comes with a lot of legwork and a lot of risk," John Diamant, secure product development strategist at HP, told V3.co.uk.
"If you really want a fundamental improvement you need to design it for security at the beginning of the lifecycle."
Diamant explained that research shows that the cost of leaving vulnerabilities in code and fixing them later is many times greater than sorting problems out at the start of the software creation process.
Chris Whitener, chief security strategist for Secure Advantage at HP, said that when Diamant started talking about this six years ago "we thought he was kind of a nut".
"But once he started demonstrating the value of this with incredible numbers we made this standard practice in HP. It is now part of our process."
Comprehensive Applications Threat Analysis will be offered immediately and priced on a per-job basis, given the variable needs of developers.
The system has already been trialled with some large HP customers, including the State of Oregon.
"During the security assessment, the HP team identified risks and proposed solutions to mitigate current and future vulnerabilities," said Wallace Rodgers, programme manager for e-government at the State of Oregon.
"We implemented the HP proposed solutions and are extremely pleased with the security quality assessment as well as the recommendations."
In a similar move earlier this week, IBM made several announcements as part of its Security By Design initiative aimed at persuading businesses to build security into the design of applications rather than bolting it on afterwards.
IBM launched new security testing software, a source code assessment service, a secure engineering framework blueprint, and updates to existing access management software.