14 DAY TRIAL // Developers that have embraced the Security Development Lifecycle principles from Microsoft for their software also have a tool designed to evaluate projects.
BinScope Binary Analyzer is capable of assessing third-party software and report whether it meets SDL requirements or not.
Blackhat DC was the stage where the software giant introduced the latest version of its verification tool.
BinScope Binary Analyzer 1.2 is available free of charge via the Microsoft Download Center.
“BinScope is a Microsoft verification tool that analyzes binaries on a project-wide level to ensure that they have been built in compliance with Microsoft’s Security Development Lifecycle (SDL) requirements and recommendations.
“BinScope checks that SDL-required compiler/linker flags are being set, strong-named assemblies are in use, up-to-date build tools are in place, and the latest good ATL headers are being used. BinScope also reports on dangerous constructs that are prohibited by SDL,” the Redmond company revealed.
David Ladd, principal security program manager, Microsoft announced the availability of both the BinScope Binary Analyzer as well as the Attack Surface Analyzer.
Ladd also enumerated some of the enhancements in BinScope Binary Analyzer 1.2, such as support for the latest version of VS.
“Binscope Binary Analyzer now supports Visual Studio 2010, making validation tasks readily available in the development environment.
“In addition, it integrates with Microsoft Team Foundation Server 2008 and Microsoft Team Foundation Server 2010 to output results into work items,” he stated.
The BinScope Binary Analyzer is offered to developers in two flavors. Devs can download either the stand-alone version of the tool, or grab the add-on designed to integrate seamlessly with Visual Studio.
It’s worth noting that developers don’t need to be running the latest version of Visual Studio, as they can also continue to leverage Visual Studio 2008, Team Foundation Server 2008, and Visual Studio Team System 2008.
The BinScope Binary Analyzer is available for download here.