CIO

Automated security testing helps developers clamp down on IoT, open-source threats

Increasing automation of security testing helps developers spot security bugs before code is deployed

Application vendors and security companies are steadily responding to the call for better information security, with a slew of new automated tools working to bolster security from the developer to the endpoint device.

Flexera, for one, recently added a degree of security-testing automation to the development process with this month’s release of FlexNet Code Insight, which continuously monitors open-source software to identify potential security issues. Because open-source software is widely used in other bespoke and commercial systems, knowledge of open-source vulnerabilities can help developers spot and remedy potential security issues long before their code goes into production.

“The first step is always awareness,” Flexera director of Secunia Research Kasper Lindgaard recently told CSO Australia, “and a lack of awareness is why patching remains such a big issue year after year.”

“There are still vendors out there that are not mature enough to have a proper development cycle. And either people need to become more aware, or we need to change the way that the supply chain is working within the software industry.”

BlackBerry has been doing just that: its renewed focus on automotive security – part of an effort to rein in unchecked Internet of Things (IoT) vulnerabilities – saw the company debut a cloud-based code-scanning solution that automatically identifies vulnerabilities in automobile software.

The code-scanning platform – which can also be used in other embedded systems-dependent industries like healthcare, industrial automation, aerospace, and defence – is already being trialled with car makers like Jaguar Land Rover, whose CEO Dr Ralf Speth said the platform had reduced the company’s time to conduct code security reviews from 30 days to 7 minutes.

“Automotive makers are becoming much more aware of the security threat,” BlackBerry chief security officer Alex Manea recently told CSO Australia. “They are understanding that security threats can directly translate into safety threats, which can then directly translate into potential losses. Innovation around this is very much focused on the software side of things, and on cross platform solutions.”

Bitdefender, for its part, recently partnered with Netgear to offer an upgraded software platform called Netgear Armor, which applies the company’s security technologies to the home or business network in an attempt to bolster IoT protections.

Commodity routers have proven to be a key weak spot in business security protections, with Australia among the compromised targets in one recent global DDoS botnet and Netgear routers hit by an easy-to-exploit vulnerability in their authentication.

Another recently released tool, from startup company ShiftLeft, scans developer builds and creates a bespoke security wrapper that is deployed along with the build to remediate potential security issues early on.

By surrounding established development processes with increasingly automatic code scanning and identification of potential security issues, development-tool vendors hope to steadily raise the bar for security in enterprise development and emergent areas such as IoT.