LogicLibrary Inc., a maker of automated software-quality applications, next week will unveil an enhanced software tool to help developers find security vulnerabilities in applications before viruses, bugs, and Trojan horses start attacking.

Logiscan 2.0 analyzes binary code for both commercial and in-house developers and identifies potential vulnerabilities within the source code. Such information could improve software quality, reduce quality-assurance times, and help ensure secure software distribution, the company says. The application also is integrated with the vendor's asset-management product, Logidex.

Logiscan 2.0, which can handle C and C++ software for Windows as well as Linux software, adds support for Sun's Java 2 Enterprise Edition programming language and Sparc processors, expanded reporting options, and easier-to-understand visualization. The software provides binary analysis of J2EE and views into vulnerabilities such as buffer overflows and cross-site scripting. Customers can also analyze binary code in aggregate or trend reports. The aggregate versions let developers view a complete list of vulnerabilities so they can zero in on one quickly. Trend reports provide a list of all the updates made to an application.

LogicLibrary's new AppExplorer graphical user interface lets users scan across multiple apps or zero in on one of them to trace data from the point of vulnerability to the eventual problem.

Logiscan is sophisticated because of the way it uses binary analysis to find flaws that might otherwise be found only when hackers exploit them after the apps come in contact with outside services, IDC analyst Melissa Webster says. The tool also is of great value to third-party software users who don't have access to source code, she says. "The business need for LogicLibrary, as with any security vendor, is to reduce risk for apps that exist beyond the perimeter," she says. "It's very difficult for any app developer to know all the ways that their software can be exposed."