Reasoning Debuts Proactive Application-Level Security Service

3/15/2004 - Reasoning Inc., a leading provider of automated software inspection services, entered the security arena by unveiling a new Security Inspection Service. Aimed at companies that develop C or C++ code, Reasoning’s new Security Inspection Service helps companies find and fix root-cause security vulnerabilities that are the leading target of hackers. These leading security vulnerabilities are behind 70 percent of CERT Advisories that are issued.

Reasoning is leveraging its software defect detection expertise to help companies address ongoing security vulnerabilities that exist at the application level. Existing alternatives, such as application scanning and dynamic testing tools, take a reactive approach and focus on finding known defects toward the end of the development cycle. Reasoning’s new service, on the other hand, proactively discovers security vulnerabilities early and at any stage in the development cycle, providing companies with significant cost-savings in finding and fixing these security flaws before applications are fielded.

A recent report by Gartner Group recommends that enterprises should require the use of vulnerability testing tools throughout the application lifecycle. By doing so, enterprises can avoid downtime costs caused by successful attacks and reduce overall system development costs by removing security vulnerabilities. Gartner’s report also highlights that if 50 percent of software vulnerabilities were removed prior to production use for purchased and internally developed software, incident response costs would be reduced by 75 percent.

"By incorporating an even deeper level of security vulnerability inspections, we were able to proactively enhance the security within Sendmail, the preeminent open source Mail Transport Agent on the Internet," stated Eric Allman, CTO of Sendmail, Inc. "Even after years of rigorous inspection by many people around the world and application of available testing tools to find security defects, Reasoning's security service discovered some new issues. They also went a step further to provide us with actionable reports coupled with a hands-on, post-inspection review with our team. Reasoning's expertise and critical insight enabled Sendmail to immediately find and remove security vulnerabilities from our code. This is important because Sendmail runs throughout the world at sites where security is paramount.”

Hackers routinely seek to uncover obscure execution paths that are not traversed by average users but open up security holes. Reasoning’s new security vulnerability service minimizes these hacker exploits by locating and reporting on the following security vulnerability defects:

Early Security Inspections Produce Clear Advantages
Reasoning’s Security Inspection service helps companies find security vulnerabilities that have been missed by other alternatives. Reasoning’s service achieves 100% code coverage and provides the exact location and root-cause of the vulnerability, making it easy for developers to immediately resolve flaws. Because Reasoning’s Security Inspection is delivered as a service, companies do not need to undertake expensive and time-consuming test case creation, validation, and maintenance; nor do they have to spend on additional staff or training. The security vulnerability inspection results are delivered in less than 10 business days, allowing development and IT departments to shield in-house resources from any project disruptions.

Reasoning Security Inspection Service Components
As part of Reasoning’s Security Inspection, customers receive a management metrics report and a security vulnerability report. These reports provide actionable information that aids developers in their ability to swiftly fix security flaws revealed by the inspection. Reasoning also provides each customer with a post-inspection review, whereby Reasoning language experts meet with the development teams to share industry best practices in order to minimize the introduction of additional security defects.

Bill Payne, Reasoning’s President and CEO, said, “Increasingly, organizations are demanding additional verification from software vendors that they have undertaken rigorous vulnerability testing to minimize security risks and provide software that is more secure. Reasoning’s security service provides our customers with valuable, independent third-party assessment. This verification can also be used to demonstrate corporate compliance with many of the new and imminent government regulations such as GLBA, Sarbanes-Oxley and HIPAA.”

About Reasoning Inc.
Reasoning Inc. is the leading provider of automated software inspection services that help development organizations reduce the time and cost involved in finding software defects and security vulnerabilities. The company's business is focused on organizations that develop Java, C, and C++ applications. Reasoning is based in Mountain View, CA. For more information, interested parties can contact Reasoning at 650-316-4400 or at

About CERT
CERT (Computer Emergency Readiness Team) is a federally funded research and development center located at Carnegie Mellon University. It is the center for coordination and communication during Internet security emergencies, chartered by DARPA.
