Contracts with security consultants do not come cheap. Finding holes in a system is something most high-profile companies are keen to do before rogue hackers get the chance to discover 0-day exploits.
A Finnish company, Codenomicon, is doing away with the need for some support staff. It uses an automated technique called fuzzing, which feeds a program unexpected input data in an attempt to find defects. Fuzzing has been around for years, but Codenomicon’s software does it automatically.
In Codenomicon’s own words: “Fuzzing is useful in analysing proprietary systems as it doesn’t need access to a source code. The system undergoing a test can be viewed as a black box, with external interfaces available for injecting tests, but without any other information available on the internals of the tested system.
“Fuzzing is able to cover the most exposed and critical attack surfaces in a system relatively well, and identify many common errors and potential vulnerabilities quickly and cost effectively.”
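The black-box approach described in the quote can be shown with a small mutation fuzzer. This is an added example, not Codenomicon's software or code from the original article; the record format, `parse_record`, `mutate` and `fuzz` are hypothetical names constructed for illustration. The fuzzer only calls the target's external interface and treats any exception other than the documented rejection as a defect.

```python
import random
import struct

def parse_record(data: bytes) -> bytes:
    """Constructed target: b'R' + 2-byte big-endian length + payload + 1-byte checksum."""
    if len(data) < 3 or data[0:1] != b"R":
        raise ValueError("bad header")            # documented, graceful rejection
    (length,) = struct.unpack(">H", data[1:3])
    payload = data[3:3 + length]
    checksum = data[3 + length]                   # planted defect: length field is trusted
    if sum(payload) % 256 != checksum:
        raise ValueError("bad checksum")
    return payload

# Constructed valid sample message used as the starting point for mutation.
SEED = b"R" + struct.pack(">H", 5) + b"hello" + bytes([sum(b"hello") % 256])

def mutate(rng: random.Random, seed: bytes) -> bytes:
    """Return one malformed variant of a valid message."""
    data = bytearray(seed)
    choice = rng.randrange(4)
    if choice == 0:                               # flip a single bit
        data[rng.randrange(len(data))] ^= 1 << rng.randrange(8)
    elif choice == 1:                             # overwrite a byte with a boundary value
        data[rng.randrange(len(data))] = rng.choice((0x00, 0x7F, 0x80, 0xFF))
    elif choice == 2:                             # truncate the message
        del data[rng.randrange(len(data) + 1):]
    else:                                         # insert a short run of random bytes
        pos = rng.randrange(len(data) + 1)
        data[pos:pos] = bytes(rng.randrange(256) for _ in range(rng.randrange(1, 9)))
    return bytes(data)

def fuzz(target, seed: bytes, iterations: int, rng_seed: int = 1234):
    """Feed mutated inputs to an opaque callable and collect (input, exception name)."""
    rng = random.Random(rng_seed)                 # fixed seed so findings are reproducible
    crashes = []
    for _ in range(iterations):
        case = mutate(rng, seed)
        try:
            target(case)
        except ValueError:
            pass                                  # input rejected cleanly: expected behaviour
        except Exception as exc:                  # anything else is an unhandled defect
            crashes.append((case, type(exc).__name__))
    return crashes

if __name__ == "__main__":
    for case, kind in fuzz(parse_record, SEED, 500)[:5]:
        print(kind, case.hex())
```

Each recorded input reproduces the fault when replayed against the target, which is what makes a fuzzing finding actionable for the developer fixing it.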
The outfit has contracts at high levels, including with the British government. The software is paid for on an annual basis and the reception so far has been great, according to Heikki Kortti, senior security specialist at the company. While there are some rooms Kortti is not able to enter, Codenomicon does have clearance for a lot of government systems.
Kortti tells TechEye that security consultants needn’t be worried: there will still be a space for them. But what Codenomicon does is automatically sweep for errors, which dramatically cuts the cost of hiring teams of coders to scan for exploits. He tells us: “There will always be a place for consultants.” Codenomicon simply makes security testing for exploits automatic and easier.