“First to provide a solution that proactively prevents
hacker attacks on computer and Internet software, Reliable Software
Technologies (RST) today announced a free, open source software
tool that automatically identifies over 130 of the most common
security problems during the software development and auditing
process. ITS4 codifies security expertise into rules used to
identify potential security problems in source code. The new
software tool will be available today for downloading from the RST
Website (http://www.rstcorp.com/its4).”
“Software misbehavior lies at the root of most of today’s
security problems,” stated Dr. Avi Rubin, Internet Security expert
at AT&T Labs and author of the Web Security Sourcebook.
“Exploit scripts and tools such as the ones used to distribute
attack programs that launch distributed denial of service attacks
take advantage of software security problems, putting far too much
power in the hands of criminals. ITS4 helps arm the good guys.
Anybody developing security-critical software should use it.”
“ITS4 will be a critical tool for companies developing software
that drives their organizations. Companies in the finance, medical
research, and e- commerce industries, where security is an
essential issue, will benefit most from ITS4. As a proof of
concept, experts from RST’s Software Security Group recently tested
ITS4 on I-Pay (www.i-pay.com), a financial e-commerce program used
by many banks the Netherlands, uncovering a significant, remotely-
exploitable security hole. The problem that ITS4 identified is the
kind exploited by hackers every day. Given a potential software
security problem discovered using ITS4, RST can provide the
technical and consulting expertise required to secure the design
and avoid the security problem.”