Codenomicon has released what it claims is the industry's first security assurance process to focus on unreported vulnerabilities.
"Unknown vulnerabilities are the biggest threat to IT systems, because there are no defences for attacks against them," said Ari Takanen, CTO of Codenomicon. "Finding and fixing unknown vulnerabilities in in-house and third party software should be the number one security priority."
The core technology behind Codenomicon's unknown vulnerability management (UVM) model is fuzzing, a technique used by hackers to find unknown vulnerabilities. Unlike other testing tools, fuzzers, which are built into Codenomicon's "Defensics Attack Simulation Engine", modify inputs to trigger vulnerabilities. Codenomicon claims the technique allows it to discover both known and unknown vulnerabilities.
Automated vulnerability testing tools
Codenomicon's unknown vulnerability management process consists of four phases: Analyse, Test, Report and Mitigate. The whole process is covered by automated testing tools.
In the first phase, the Codenomicon Network Analyzer is used to build a picture of the entire network. Once all the open interfaces are identified, they can then be tested for vulnerabilities with Codenomicon's automated Defensics test tools. All the expertise needed to carry out the tests is built into the tools.
The Defensics tools also contain automated features for generating different levels of reports, reproducing vulnerabilities, performing regression testing and verifying patches. Finding, reporting and mitigating unknown vulnerabilities has never been easier, Codenomicon said.