Synopsys helps Israel's Visuality Systems drive the "shift left" of security

2022-06-10 17:02:00 InfoQ

Synopsys has always emphasized "shifting left" on security: resolving security and quality defects early in the software development life cycle (SDLC). This gives users more reliable products.
 
Visuality Systems Ltd., headquartered in Yokneam, Israel, is a world-leading developer and supplier of Server Message Block (SMB) protocol solutions. SMB is a data and printer communication protocol that provides shared access to files and printers across network nodes. Visuality Systems has more than 150 customers and provides the most comprehensive Microsoft SMB client and SMB server solutions for various embedded products, Java-based applications and storage systems.

 
Challenge: more stringent code quality and security testing
Limor Segal-Shevah, Automation Manager at Visuality Systems, said: “Software security is a priority for our customers. They expect Visuality Systems and other partners to provide trusted software. Visuality Systems wants to demonstrate clearly that our solution has been rigorously tested to protect customers' products and applications.”
 
Visuality Systems is committed to developing SMB client- and server-based solutions. Its key customers include industry leaders in consumer devices, aerospace and defense, automotive, and industrial and medical equipment. Visuality Systems' NQ product line is the most commonly used commercial SMB solution in the world today.
 
Limor Segal-Shevah pointed out: “Whether it's a printer, a household appliance, a Java application, medical equipment or a car entertainment system, our customers have created various software applications that run on different hardware and software, and each application has specific requirements.”
 
Limor Segal-Shevah added: “All devices require a network connection, because in today's world devices and applications cannot work alone. Many applications and embedded devices use the Server Message Block, or SMB, protocol (the default standard on Windows systems) to communicate with back-end Windows systems. Network vulnerabilities can give hackers the opportunity to obtain confidential information or use the system to launch attacks.”
 
She said: “Software vulnerabilities are often the result of coding errors, and malicious attacks can exploit vulnerabilities in the code. Visuality Systems developers need proactive detection tools to find bugs in the code they write in order to reduce risk.”
 
Solution: Synopsys Coverity static application security testing
Visuality Systems was already using Synopsys Defensics fuzz testing to identify vulnerabilities in running code, and in 2019 added Coverity static application security testing (SAST) to help its development team resolve coding vulnerabilities early in the software development life cycle. Coverity is a fast, accurate and highly scalable static analysis solution that helps development and security teams address security and quality vulnerabilities and ensure compliance with security and coding standards.
 
 
With Coverity static application security testing, Visuality Systems developers can scan code for security vulnerabilities and quality defects without interrupting their normal workflow. Developers can choose Coverity's fast desktop, incremental or full analysis mode to determine the speed and depth of the analysis. Fast desktop analysis and incremental analysis help developers find vulnerabilities while coding, when they are easiest to find and easiest to fix. Coverity's full analysis mode integrates with build/CI tools, and the build fails if a defect violates security or quality policy. DevOps teams can adapt and manage code analysis as needs change.
 
Coverity is integrated into Visuality Systems' CI/CD process. The company uses Bitbucket and Jira Cloud to manage its software teams' workflow, and information about new issues found in a build is displayed dynamically in the pull request. Coverity is integrated into the build process through Python and Jenkins CI. Every piece of code is checked by Coverity and cannot be merged into the main development branch until it passes Coverity. When a vulnerability is first detected, the responsible developer receives a failure notification from a Slack bot, fixes the problem, and then pushes the code to the cloud to trigger a new pull-request build. The cycle repeats until the code is secure and of good quality.
 
Limor Segal-Shevah said appreciatively: “Synopsys Coverity is a powerful tool that helps Visuality Systems continuously improve its products and ultimately write better, safer code.”
 
Results: more robust code, higher customer satisfaction
Visuality Systems' code quality and stability have improved. Code defects and vulnerabilities are resolved before the software is released, instead of waiting for customers to discover problems and report them to the company, followed by back-and-forth fixes. Addressing security and quality defects during development lets the company deliver more robust code to its customers.
 
Limor Segal-Shevah said: “In my opinion, the best part of Coverity is that it provides comprehensive information and the ability to filter that information, for example by priority, risk and individual developer owner. I can look at only the new issues found in the latest version; it filters out the information I don't need, and I just set the information I want. It's very convenient. We use the filtering function often, and we can also use the notification function whenever the database changes.”