New code scanner finds software vulnerabilities without source code

October 24, 2019 (PRLEAP.COM) Technology News
Darmstadt - Errors and vulnerabilities in software cause damage running into billions, can ruin a company's reputation and, in the worst case, endanger the safety of people. That's why the Fraunhofer Institute for Secure Information Technology SIT in Darmstadt developed VUSC – the code scanner. VUSC (for VUlnerability SCanner) helps companies and developers to detect vulnerabilities in code within minutes. VUSC does not require any source code for this. The code scanner works on premises in a data protection-friendly manner. More info on VUSC at www.sit.fraunhofer.de/vusc.

According to a study, annual losses due to software errors and vulnerabilities amount to around 84 billion euros in Germany alone. For developers, software manufacturers and companies, error-free and secure software is therefore crucial. The principle of banana software, which matures at the customer's premises and the errors of which will be repaired gradually during operation, is now considered to be damaging to business. But how does the developer know whether his app contains any weaknesses? How do IT departments recognize whether the newly deployed software solution is secure?

The Fraunhofer software security experts have developed the new code scanner VUSC to answer these questions within minutes. "The file to be examined is simply loaded into the scanner by drag and drop," explains Steven Arzt, one of the VUSC developers and head of the Software Security Engineering department at Fraunhofer SIT. VUSC requires no source code for the scanning process – "this is a unique feature of our development," says Steven Arzt. VUSC also works on premises so that sensitive data remains with the VUSC user at all times and does not have to be sent to external servers. More information about VUSC at www.sit.fraunhofer.de/vusc.

Press Contact: Oliver Küch, +49/6151-869-213, oliver.kuech@sit.fraunhofer.de

Share Article