Like a Spellchecker for Developers: Automated Detection of Security Vulnerabilities in Cloud Applications

By Fraunhofer-Gesellschaft (Germany)

June 3, 2021

CodeShield software can detect and patch security bugs in cloud applications by automatically analyzing the program code for vulnerabilities.

Developed by the CodeShield spin-off from Germany's Fraunhofer Institute for Mechatronic Systems Design (IEM) and Paderborn University's Heinz Nixdorf Institute, the software discovers and visualizes vulnerabilities in real time, said Fraunhofer IEM's Eric Bodden.

CodeShield employs a so-called fingerprinting method, in which Bodden and colleagues download open source software components from the cloud and calculate a fingerprint for each element; this identifier allows insecure code to be recognized immediately if it is integrated within an app again later.

CodeShield also performs efficient daily dataflow analyses, and its false-positive rate is lower than 5%. Bodden contrasted this with the 70% to 80% false-positive rate of many information technology security tools.



Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA
