Errors and security gaps in software cause damage running into billions, can ruin a company's reputation and, in the worst case, endanger human safety. This is why the Fraunhofer Institute for Secure Information Technology SIT (Darmstadt, Germany) has developed the VUSC code scanner. VUSC - short for Vulnerability Scanner - helps companies and developers to detect vulnerabilities in foreign code within minutes. Unlike conventional analysis tools, VUSC does not require the source code of the software under investigation. In addition, users can operate the tool in their own local network so that sensitive information does not leave the company unintentionally.
Cyberattacks on servers, IT infrastructures and software-controlled systems are increasing worldwide. In view of the importance of software not only for the security, but also for the safety of the people who depend on it, the freedom from errors and security of their software is of decisive importance for developers, software manufacturers and users. But how do IT departments tell software users whether a newly purchased software solution is safe and error-free? How do manufacturers check purchased code from external developers for errors? And how does the developer know whether his app contains any vulnerabilities?
With Fraunhofer SIT’s VUSC code scanner, these questions can be answered within minutes. "The file to be examined is simply loaded into the scanner by drag and drop," explains Dr. Steven Arzt from Fraunhofer SIT. A decisive advantage of VUSC is that the scanner requires no source code for the scanning process - "this is a unique feature of our development," says Arzt.