CodeShield software can detect and patch security bugs in cloud applications by automatically analyzing vulnerabilities in the program code.
Developed by the CodeShield spin-off from Germany's Fraunhofer Institute for Mechatronic Systems Design (IEM) and Paderborn University's Heinz Nixdorf Institute, the software discovers and visualizes vulnerabilities in real time, said Fraunhofer IEM's Eric Bodden.
CodeShield employs a so-called fingerprinting method, in which Bodden and colleagues download open source software components from the cloud and calculate a fingerprint for each element; this identifier allows insecure code to be recognized immediately if it is integrated within an app again later.
CodeShield also performs efficient daily dataflow analyses, and its false-positive rate is lower than 5%. Bodden contrasted this with the 70% to 80% false-positive rate of many information technology security tools.
From Fraunhofer-Gesellschaft (Germany)
Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA