Finding a solution to the software security and hygiene problem will take more than an Underwriter’s Lab seal of approval.
There’s no arguing with the fact that acquirers of software need assurances that the software they purchase is safe and stable to use. However, I struggle with the notion that analyzing software and assigning a pass/fail rating is the best solution, given that many state-of-the-art software assurance tools, technologies and capabilities have not kept pace with the complexity and size of modern software. Of particular concern to me are the challenges in performance, precision, and soundness of many static analysis tools, both open-source and commercial.
Leave a reply