Will code check tools yield worm-proof software?
When Microsoft needed help in taming the large number of flaws that had crept into its Windows operating system, it looked to technology known as “static source code checkers” and a company called Intrinsa. Intrinsa’s product, known as PREfix, analyzed the code created by developers and flagged potential errors. The software giant found the program so helpful, it bought the company for $60 million in 1999. Today, a handful of other developers of similar products hope to convince customers that they should be using their programs to spot-check security. For Microsoft, such tools have become an integral part of its Trustworthy Computing Initiative, which aims to make Windows computers more reliable. The software maker trains 20,000 developers annually in secure programming, but the tools enforce discipline on a daily basis, said Michael Howard, security program manager for the company. Full Story