Checkmarx touts innovation in secure coding

Virtual Compiler scans code in real time, providing capabilities for fixing flaws at the earliest stages of development

Checkmarx announced technology this week that the company describes as an innovation in secure coding.

The Checkmarx Virtual Compiler lets source code be scanned in real time without using a compiler, giving developers, auditors, and security professionals capabilities for secure coding and fixing flaws at the earliest stages of development, the company said.

[ Microsoft also has focused on security for application development. | Keep up with app dev issues and trends with InfoWorld's Fatal Exception blog. ]

Most security issues can be traced to code vulnerabilities, Checkmarx said. Static code analysis tools have been used to fight software vulnerabilities but they require that a project be almost completed before scanning can take place, according to the company. This makes security repairs to code costly and nullifies the benefits of static analysis.

Checkmarx Virtual Compiler lets developers scan un-built code so static analysis can be performed earlier in the development lifecycle, Checkmarx said. Security auditors, meanwhile, can conduct audits any time on the code base without having to emulate a developer's environment.

"The Checkmarx Virtual Compiler means developers can finally fix code on the assembly line instead of having to wait until the software is almost out the door," said Checkmarx CTO and founder Maty Siman in a statement released by the company.

Usable in any stage of development, the product supports Linux, Windows and Solaris and languages such as Java, C/C++ and Salesforce.com Apex. Checkmarx is offering a free trial of its code analysis, accessible.

This story, "Checkmarx touts innovation in secure coding," was originally published at InfoWorld.com. Follow the latest in developer trends at InfoWorld.com.

Read more about developer world in InfoWorld's Developer World Channel.