Communications of the ACM

ACM TechNews

Like a Spellchecker for Developers: Automated Detection of Security Vulnerabilities in Cloud Applications

CodeShield software uncovers security vulnerabilities and fixes them using automated methods.

Credit: CodeShield GmbH

CodeShield software can detect and patch security bugs in cloud applications, by automatically analyzing vulnerabilities in the program code.

Developed by the CodeShield spin-off from Germany's Fraunhofer Institute for Mechatronic Systems Design (IEM) and Paderborn University's Heinz Nixdorf Institute, the software discovers and visualizes vulnerabilities in real time, said Fraunhofer IEM's Eric Bodden.

CodeShield employs a fingerprinting method: Bodden and colleagues download open source software components from the cloud and calculate a fingerprint for each element. This identifier allows insecure code to be recognized immediately if it is later integrated into an app again.

CodeShield also performs efficient daily dataflow analyses, and its false-positive rate is lower than 5%. Bodden contrasted this with the 70% to 80% false-positive rate of many information technology security tools.
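As an added illustration of the element-level fingerprinting idea and of one way to keep false positives down, the Python below is not CodeShield's code and does not describe its actual algorithm: it fingerprints every element of a constructed component archive, indexes only elements that do not also occur unchanged in a release marked as fixed, and flags those elements when they reappear re-bundled inside an application archive. Component names, paths and file bytes are all made up.

```python
import hashlib
import io
import zipfile

def build_archive(files):
    """In-memory zip from {path: bytes}; stands in for a downloaded component."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, data in files.items():
            zf.writestr(path, data)
    return buf.getvalue()

def element_fingerprints(archive):
    """SHA-256 per element, not per archive, so a flawed element is recognised after re-bundling."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        return {i.filename: hashlib.sha256(zf.read(i)).hexdigest()
                for i in zf.infolist() if not i.is_dir()}

def build_index(known):
    """known: {component_id: (archive, is_vulnerable)} -> {fingerprint: (component_id, element)}."""
    flagged, clean = {}, set()
    for comp_id, (archive, is_vulnerable) in known.items():
        for element, fp in element_fingerprints(archive).items():
            if is_vulnerable:
                flagged.setdefault(fp, (comp_id, element))
            else:
                clean.add(fp)
    # An element byte-identical in a fixed release cannot tell the versions apart: drop it (fewer false positives).
    return {fp: ref for fp, ref in flagged.items() if fp not in clean}

def scan_app(app_archive, index):
    """(path_in_app, component_id, element) for each element whose fingerprint is indexed."""
    return [(path, *index[fp]) for path, fp in element_fingerprints(app_archive).items() if fp in index]

def demo():
    # Constructed sample bytes standing in for compiled classes; not real library content.
    parser_10 = b"// Parser 1.0 (constructed, plays the flawed build)"
    parser_11 = b"// Parser 1.1 (constructed, plays the fixed build)"
    util = b"// Util (constructed, unchanged between releases)"
    known = {
        "libfoo-1.0": (build_archive({"com/foo/Parser.class": parser_10, "com/foo/Util.class": util}), True),
        "libfoo-1.1": (build_archive({"com/foo/Parser.class": parser_11, "com/foo/Util.class": util}), False),
    }
    app = build_archive({"app/Main.class": b"// app code (constructed)",  # the 1.0 parser is re-bundled below
                         "shaded/foo/Parser.class": parser_10, "shaded/foo/Util.class": util})
    return scan_app(app, build_index(known))

if __name__ == "__main__":
    for path, comp_id, element in demo():
        print(f"{path}: matches {element} from {comp_id}")
```

Only the re-bundled parser is reported; the shared Util element is identical in the fixed release and is therefore not treated as evidence of the flawed version.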

From Fraunhofer-Gesellschaft (Germany)


Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA
