<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
		>
<channel>
	<title>Comments on: Security Testing &#8211; Do Bad Things Come in Threes?</title>
	<atom:link href="http://www.cigital.com/justice-league-blog/2007/04/27/security-testing-do-bad-things-come-in-threes/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.cigital.com/justice-league-blog/2007/04/27/security-testing-do-bad-things-come-in-threes/</link>
	<description></description>
	<lastBuildDate>Wed, 30 Nov 2011 15:50:04 +0000</lastBuildDate>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.2.1</generator>
	<item>
		<title>By: Kent Bradford</title>
		<link>http://www.cigital.com/justice-league-blog/2007/04/27/security-testing-do-bad-things-come-in-threes/#comment-27</link>
		<dc:creator>Kent Bradford</dc:creator>
		<pubDate>Tue, 08 May 2007 19:38:27 +0000</pubDate>
		<guid isPermaLink="false">http://www.cigital.com/justiceleague/2007/04/27/security-testing-do-bad-things-come-in-threes/#comment-27</guid>
		<description>Scott

Although testing is important to security, anyone who knows run-time testing well knows that it never finds all the errors or covers 100% of the code. It&#039;s like testing in the medical world: it may find a specific disease, but it won&#039;t prevent it.

Preventing certain forms of security breaches is simply a matter of stopping the programmers from submitting the code that causes the security breach. Gartner says that over 50% of all software vulnerabilities come from inside the application code and that a major portion of those are from simple buffer overflow conditions.

Our SofCheck Inspector of Java (and Ada) can find 100% of all these (a certain set of faults) conditions and tell the programmer immediately to fix it!

I will be at the session tomorrow at SUN and would love to talk to you as to how Cigital and SofCheck might work together.</description>
		<content:encoded><![CDATA[<p>Scott</p>
<p>Although testing is important to security, anyone who knows run-time testing well knows that it never finds all the errors or covers 100% of the code. It&#8217;s like testing in the medical world: it may find a specific disease, but it won&#8217;t prevent it.</p>
<p>Preventing certain forms of security breaches is simply a matter of stopping the programmers from submitting the code that causes the security breach. Gartner says that over 50% of all software vulnerabilities come from inside the application code and that a major portion of those are from simple buffer overflow conditions.</p>
<p>Our SofCheck Inspector of Java (and Ada) can find 100% of all these (a certain set of faults) conditions and tell the programmer immediately to fix it!</p>
<p>I will be at the session tomorrow at SUN and would love to talk to you as to how Cigital and SofCheck might work together.</p>
]]></content:encoded>
	</item>
</channel>
</rss>

