<HTML><BODY style="word-wrap: break-word; -khtml-nbsp-mode: space; -khtml-line-break: after-white-space; "><BASE href="data:"><DIV style="font-family: Helvetica; font-size: 12px; color: black; text-align: left; ">Ok, last software security news item for today, I promise. :-) This article (see </DIV><A href="http://www.darkreading.com/document.asp?doc_id=115110&WT.svl=news1_1">http://www.darkreading.com/document.asp?doc_id=115110&WT.svl=news1_1</A>) is about a couple of new startup companies. One of them in particular, Veracode, may be of some interest here. The article says, "<FONT class="Apple-style-span" face="Arial">Veracode, founded by Chris Wysopal and other former executives of @stake, is now offering patented binary-code analysis of software for enterprises that want to analyze their software's security on a regular basis. The ASP will also offer security reviews of enterprise products and security analysis of third-party apps for software developers."</FONT><DIV><BR class="khtml-block-placeholder"></DIV><DIV><DIV>The article also provides some counterpoints, including some from Gary McGraw, that are worth reading. Among other things, Gary says, "<FONT class="Apple-style-span" face="Arial">However, if you want real security analysis you have to go past the binary, past the source code, and actually consider the design."</FONT></DIV><DIV><FONT class="Apple-style-span" face="Arial"><BR class="khtml-block-placeholder"></FONT></DIV><DIV><FONT class="Apple-style-span" face="Arial">Opinions on binary vs. source code (and design!) analysis, anyone?</FONT></DIV><DIV><FONT class="Apple-style-span" face="Arial"><BR class="khtml-block-placeholder"></FONT></DIV><DIV><FONT class="Apple-style-span" face="Arial">Cheers,</FONT></DIV><DIV><FONT class="Apple-style-span" face="Arial"><BR class="khtml-block-placeholder"></FONT></DIV><DIV><FONT class="Apple-style-span" face="Arial">Ken</FONT></DIV><DIV><DIV><DIV> <SPAN class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: auto; -khtml-text-decorations-in-effect: none; text-indent: 0px; -apple-text-size-adjust: auto; text-transform: none; orphans: 2; white-space: normal; widows: 2; word-spacing: 0px; "><SPAN class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: auto; -khtml-text-decorations-in-effect: none; text-indent: 0px; -apple-text-size-adjust: auto; text-transform: none; orphans: 2; white-space: normal; widows: 2; word-spacing: 0px; "><SPAN class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: auto; -khtml-text-decorations-in-effect: none; text-indent: 0px; -apple-text-size-adjust: auto; text-transform: none; orphans: 2; white-space: normal; widows: 2; word-spacing: 0px; "><SPAN class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: auto; -khtml-text-decorations-in-effect: none; text-indent: 0px; -apple-text-size-adjust: auto; text-transform: none; orphans: 2; white-space: normal; widows: 2; word-spacing: 0px; "><DIV>-----</DIV><DIV>Kenneth R. van Wyk</DIV><DIV>SC-L Moderator</DIV><DIV>KRvW Associates, LLC</DIV><DIV><A href="http://www.KRvW.com">http://www.KRvW.com</A></DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV><BR class="khtml-block-placeholder"></DIV><BR class="Apple-interchange-newline"></SPAN></SPAN></SPAN></SPAN> </DIV><BR></DIV></DIV></DIV></BODY></HTML>