Microsoft developers now have a new tool to help them catch security bugs in their own code. The software giant plans to announce on Monday that a plug-in created by security firm Sanctum, scheduled for release in March, will be the first to easily integrate with Microsoft's development platform Visual Studio .Net. The tool, AppScan Developer Edition 1.5, can be run on Web applications in real time to catch common programming flaws.
"The cool thing with the integration with Visual Studio is that, because it's there in your face, you run it early and you run it often," said Michael Howard, senior program manager for Microsoft and the author of the company's textbook on secure programming. "You can find issues before they get far down the development path, before they become expensive to remove."
The announcement comes as Microsoft moves into the second year of its "Trustworthy Computing" initiative, the most visible part of which is its push to heighten product security. Last year, the company spent more than two months and $200 million dollars training its own developers in secure programming. Tools like Sanctum's go a long way toward moving that training outside Microsoft to the independent developer community, said Michael Kass, product manager for Microsoft's .Net Framework.
"There are two sides to Trustworthy Computing," Kass said. "First, training our developers and making sure that we ship more secure applications. The other side is evangelizing best practices."
View: The full story
News source: c|net