Tuesday, 1 August 2006

Fortify Software Contributes Software Security Research to Open Source Community

Fortify Software, a provider of enterprise security software, has announced that it has contributed an extensive classification of software security errors to the non-profit Open Web Application Security Project (OWASP).

According to the company the classification of 115 security vulnerabilities categories will help software developers and security practitioners understand the common coding mistakes that affect software security and more readily identify security problems.

OWASP will help manage the research from Fortify Software as part of the organization's library of free, unbiased open source documentation, tools and standards, the company said.

The classification of software security errors entitled the "Seven Pernicious Kingdoms" organizes security vulnerabilities into seven top level sets of security problems that can be used to help software developers understand the types of coding errors that can increase security risk. By better understanding how systems fail, developers will better analyze the software they create, more readily identify and address security problems when they see them, and generally avoid repeating the same mistakes in the future.

"When put to work in an analysis tool, a set of security rules organized according to this classification is a powerful mechanism for reducing security risk," said Dr. Brian Chess, Chief Scientist at Fortify Software.

"Software development practices have only just begun to look at the myriad of ways security problems factor into coding -- making a classification like this available should provide tangible benefits to the software security community," Brian added.