The Technology
By Baselinemag | Posted 2004-03-05
Cigital of Dulles, Va., thrives by figuring out why computer code doesn’t behave the way it’s supposed to.
Cigital’s stock-in-trade is not software. It’s a philosophy about how software ought to be built.
The cornerstone of the company’s approach is the principle that reliability, security and performance must be designed into software from the beginning. Then, software must be tested at every stage of the development process. This methodology helps programmers detect errors earlier—thereby reducing the cost of correcting them—and produce more-robust software.
Cigital also uses risk-management techniques to determine the business consequences of software failures, because testing even a small program exhaustively would take hundreds of years.
Such ideas may seem obvious now. But when Cigital was founded 12 years ago, the concept of iterative quality testing was foreign in the commercial-software world. “Cigital was one of the first firms to have people on staff who understood the issues of why software fails,” says Theresa Lanowitz, an analyst at Gartner Inc.
Experts say Cigital has achieved several technical breakthroughs. Its automated testing tool, for example, intentionally introduces errors in order to predict how software will fail. Robert Stoddard, a senior software engineer at Motorola, estimates that 85% of the bugs the mobile-phone group ended up finding would have gone undetected without the Cigital application. “This went after a whole class of errors we weren’t even testing for,” he says.