Code scanner roots out backdoors

Security start-up Veracode updated its SecurityReview tool this week to allow companies to scan for backdoors and malicious code introduced during the development process, a class of security holes often missed by existing scanners.

Veracode, which was established by former Symantec employees and launched its initial service in February, is seeking to distinguish itself by focusing on backdoor detection and on-demand services.

Companies such as Fortify, whose products only scan program source code, aren't able to find certain classes of security flaw, according to Veracode. The company argues its approach of scanning compiled, binary code is more accurate and complete.

"The binary represents the actual attack surface for the hacker," said Veracode's chief executive officer, Matt Moynahan, in a statement.

Backdoors, which are often included in programs by developers for legitimate purposes, nevertheless can pose a serious threat to companies, Veracode argues.