Experts warn firms of need for code audit as Windows XP enters extended support at Microsoft

Fortify warns firms of need for code audit as Windows XP enters extended support at Microsoft

Fortify Software, the application vulnerability specialist, is advising anyone working on customised or new applications running under Windows XP to beef up their code auditing procedures.

The advice comes as Microsoft has moved its support programme for Windows XP into extended support mode, meaning that the software giant is stepping its support for the still-popular operating system down a notch or two.

"Extended support for Windows XP will continue until April 2014, but this month's support move means that smaller firms will find it more difficult to get telephone support for Windows XP," said Barmak Meftah, Senior Vice President, Products & Technologies for Fortify.

"Microsoft has said it will continue to patch the operating system in response to code vulnerabilities as they are discovered, as well as issue hot fixes as and when required," he added.

According to Meftah, as well as continuing to carry out security code audits on any new and updated Windows XP applications, companies should also review their patching procedures and ensure that security testing forms an integral part of their software development processes.

Because Microsoft is continuing to issue hot fixes for Windows XP, he explained, some of the kernel code for the operating system could change in the future, so it is important that any company using customised or new XP-driven software is aware of the heightened need to audit its program code.

And whilst major companies can still obtain customised support for Windows XP from Microsoft - at a premium charge - this type of support is not normally open to smaller companies.

This means such companies may have to turn to third-party firms for Windows XP support, where previously they used Microsoft support on a pay-as-you-go or subscription basis.

"This all adds an extra layer of risk to the integrity of the program coding process and companies need to be aware of this. Adding code auditing to the software development lifecycle can be a lower-cost option than using premium support services," he added.

"And companies should also be aware that a multi-layered approach to IT security can also reduce any risks, but code auditing definitely now needs to be higher up the IT security agenda," he added.

Source: Eskenzi PR