Source Code Audit

Independent source code auditing has become the de facto standard to ensure quality and security in software products. An outside professional opinion of software design and implementation based on the actual source code and build process of your product will greatly enhance quality and security or confirm the effectiveness of your high development standards.

Recurity Labs recommends source code audits for software vendors and source code customers alike. Typically, source code audits are required when:

  • Third-party commercial or open source libraries, classes or entire products are to be used in your product. The code quality and data format assumptions of the third-party code will not necessarily comply with your development guidelines.
  • In-house or third-party products are to be deployed at large scale with complicated update scenarios. If a vulnerable or defective version of the product is deployed, the cost of fixing a single problem will easily exceed the cost of a source code audit.
  • Your software products are to be released and shipped. For products on common operating system platforms as well as products in embedded systems and devices, additional quality and security assurance will greatly reduce support and maintenance costs once the product is out the door.

Recurity Labs draws from extensive experience in auditing source code of leading software vendors on various platforms, written in different programming languages. Combined with system threat analysis, auditing source code becomes a highly focused effort to increase short-term software quality and security while retaining a long-term effect.