Software behavior – an overlooked risk
Leaders invest in software development to achieve business goals faster. With constant pressure to push new features and shorten time to market, it is difficult for IT organizations to keep tabs on the capabilities and behaviors of the portfolio of software they build. Typical application security testing such as static application security testing (SAST) and software composition analysis (SCA) helps spot known vulnerabilities and anti-patterns, but reducing risk for a business also requires a solid knowledge of your applications' features and capabilities.
Targeting the things that matter
The goal of  teams is to protect the business from relevant threats so developers' primary focus can remain on new features that deliver innovation and growth. For any given organization those threats may look and feel a bit different.
For example, some companies' software portfolios may rely heavily on sending and receiving data from external sites, where pre-built patterns around secure input and output handling would increase developer efficiency. Others may have a large prevalence of source code and third-party dependencies related to cryptography, where evangelizing the right hashing algorithms and encryption protocols across the portfolio reduces significant risk.
But without knowing what's happening in an application's code base, reducing risk and optimizing one's portfolio for the right business outcomes becomes harder, because threat prevention, developer education efforts such as , and software portfolio strategy become a guessing game.
Reducing business risk with Application Inspector
Application Inspector is an open-source tool that identifies a long list of "interesting" features in source code, such as:
- What types of interactions the software has with the underlying operating system
- Whether the application has any integration with popular social media sites
- Whether the application may collect personal user data, triggering the need for 
Such information can be used to understand which risks pose the greatest threat to the software your organization develops.
乐鱼(Leyu)体育官网 has identified a few moments where Application Inspector can help answer difficult questions:
| Number | Moment | Application Inspector can answer questions like... | Useful for... |
|---|---|---|---|
| 1 | When you need to understand a single application | What are the main things this application does? | Knowing what controls I may need around my application (goes well with an ) |
| 2 | When you need to understand a portfolio of applications | What is it that my portfolio of applications does, and how is that changing over time? | Planning technology investments and security pattern creation |
| 3 | When there has been a cyber security breach | Has something changed in the functionality of a particular application since the attacker had access to my source code repositories? | Protecting users from a malicious actor as part of  |
| 4 | When you need to understand what capabilities malware has and you have the source code | What does this malware do? | Knowing what remediation is needed or which preventative controls I may need in the future |
Application Inspector is free to use, can be automated in build pipelines for  teams, and is updated regularly with new features. Adding Application Inspector to a software management toolset, in combination with traditional application security capabilities like SAST and SCA, may help to more quickly and accurately protect the organization from relevant threats, identify opportunities for feature rationalization across the portfolio, and devote more time to the frequent production of high-quality software.
Microsoft and 乐鱼(Leyu)体育官网 are  and frequently work together to solve the hardest business problems facing large organizations.
This blog article is not intended to address or provide advice concerning the specific circumstances of any particular individual or entity and does not constitute an endorsement of any entity or its products or services.
The 乐鱼(Leyu)体育官网 name and logo are trademarks used under license by the independent member firms of the 乐鱼(Leyu)体育官网 global organization.