Fortify pushes code audits as XP support ends

Mainstream support for XP includes only fundamental updates such as security fixes

Application security firm Fortify has warned that the end of mainstream support for Windows XP means that anyone working on XP-based applications should strengthen their code auditing procedures.

Despite the ongoing popularity of XP, particularly for use in netbooks, mainstream support now includes only fundamental updates such as security fixes.

"Extended support for Windows XP will continue until April 2014, but last month's support move means that smaller firms will find it more difficult to get telephone support," said Barmak Meftah, senior vice president of products and technologies at Fortify.

"Microsoft has said it will continue to patch the operating system in response to code vulnerabilities as they are discovered, as well as issue hot fixes as and when required."

Meftah explained that, while larger companies may be able to afford the charges being introduced for ongoing XP support from Microsoft, many smaller developers will have to ensure that code auditing is enhanced to keep applications secure and robust.

"This all adds an extra layer of risk to the integrity of the program coding process, and companies need to be aware of this. Adding code auditing to the software development lifecycle can be a lower-cost option than using premium support services," Meftah said.

"Companies should also be aware that a multi-layered approach to IT security can also reduce risks, but code auditing definitely needs to be higher up the IT security agenda."

Meftah believes that, as well as continuing to audit security code for any new and updated Windows XP applications, companies should review patching procedures and ensure that security testing forms an integral part of the software development process.