"The Codenomicon tools are amazing. Using them is like being attacked by the most relentless adversary who uses every possible method to find flaws in your code.

We fixed subtle crash bugs in Samba that had been in the code for over ten years. We would never have found those bugs without the Codenomicon tools.

If you're serious about implementing protocols correctly, you need the Codenomicon tools."

-- Jeremy Allison,
   Co-Creator of Samba

Articles and Editorial Coverage


May 2014

AAMI Journal
Practical Considerations Of Fuzzing: Generating Insight into Areas of Risk - By Jonathan Knudsen

Posted with permission from the Association for the Advancement of Medical Instrumentation, www.aami.org. Any other distribution of AAMI-copyrighted material requires written permission from AAMI.

<full article>

May 2014

AAMI Journal
Fuzzing: A Solution Chosen by the FDA to Investigate Detection of Software Vulnerabilities - By Steven D. Baker

Posted with permission from the Association for the Advancement of Medical Instrumentation, www.aami.org. Any other distribution of AAMI-copyrighted material requires written permission from AAMI.

<full article>

March 2014

The Journal of Free Standing Emergency Medicine:
Cybersecurity and the Emergency Physician - By Mike Ahmadi, CISSP

Medical devices are all becoming computerized and are quickly becoming “connected medical devices”, designed to communicate with a network. What are the security implications of adding a wireless communication interface to medical devices? Mike Ahmadi, CISSP, discusses medical cybersecurity.

<full article>


September 2013

Arabian Oil&Gas:
Interview: Insider Information - By Lionel Mok

Hon. Howard Schmidt, keynote speaker at the O&G ICS Cyber Security Forum, opens up on cyber-security challenges in the region, specifically in the Middle East.

<emagazine pp. 80-85>

<full article>

July 2013

ISSA Journal:
Make Software Better with Fuzzing - By Jonathan Knudsen

The computer industry is well over a half century old, and everyone who uses a computer is still dealing with software failures, often on a daily basis. This article describes fuzzing, a technique for hardening software that is crucial to builders and buyers of software.

<full article>

June 2013

Helsingin Sanomat:
Kyberkonkari arvostelee laajaa urkintaa - By Juhani Saarinen

This article is an interview with Howard Schmidt on whistleblowing, Codenomicon, and riding some motorcycles.

part 1 (in Finnish)

part 2 (in Finnish)

June 2013

Maanpuolustuslehti:
Cyber Threat and Cyber Domain and its Implications on National security - By Howard A. Schmidt

The Finnish government recently adopted a resolution on the nation’s cybersecurity strategy. This is a part of a global trend: governments around the world are realizing the importance of their cyber infrastructure and taking measures to secure them against cyber threats. But, what are these cyber threats they are preparing for and can a national cybersecurity strategy help address them?

<full article>


May 2012

Defence & Security Systems International:
Your software is vulnerable to attack - By Eeva Starck

In a cyber world where most devices are linked to the worldwide web, everything is vulnerable. Security analyst Eeva Starck of Codenomicon, which provides software testing and network situation awareness solutions that protect national security, recommends a zero tolerance approach to hackers.

<full article>

April 2012

Test Magazine:
Fuzzing web applications – The new web auditing - By Rikke Kuipers, Miia Vuontisjärvi

Fuzz testing is a new way to approach web application testing. It is more focused on DoS level problems and it is suited particularly well to finding previously unknown vulnerabilities in software.

<full article>

April 2012

Professional Tester:
That warm, fuzzy feeling ...and how you can get it - By Jonathan Knudsen

Jonathan Knudsen explains how to include fuzzing in your product life cycle.

<full article>


June 2011

TEST Magazine:
The power of fuzz – banishing security bugs - By Ari Takanen, Miia Vuontisjärvi

In this article Miia Vuontisjärvi and Ari Takanen of Finnish security test specialist Codenomicon explore the area of security testing from both a vulnerability management perspective, and by examining some of the most common testing techniques in use today.

<full article>


March 2010

Professional Tester:
Hot fuzz - By Sami Petäjäsoja, Jarkko Lämsä, Anna-Maija Juuso

New access technologies make 4G, the new generation of wireless networks, more vulnerable but also more testable

<full article>


10 Aug 2009

Search Security Asia:
Emerging XML threats discovered - By Marcia Savage

A security testing firm said it discovered multiple critical flaws in widely used XML libraries that could be exploited by an attacker to launch denial of service attacks and to execute malicious code.

<full article>

5 Aug 2009

The Washington Post:
Researchers: XML Security Flaws are Pervasive - By Brian Krebs

Security researchers today unveiled details about a little-known but ubiquitous class of vulnerabilities that may reside in a range of Internet components, from Web applications to mobile and cloud computing platforms to documents, images and instant messaging products.

<full article>

5 Aug 2009

Researchers Uncover Critical XML Library Flaws - By Brian Prince

Security researchers release details about vulnerabilities in XML libraries from Sun Microsystems, Python and Apache. Developers who use the libraries are advised to take action as soon as possible.

<full article>

5 Aug 2009

Network World:
XML flaw threatens apps built with Sun, Apache, Python libraries - By Ellen Messmer

Vulnerabilities discovered in XML libraries from Sun, Apache Software Foundation and Python Software Foundation could result in successful denial-of-service attacks on applications built with them, according to Codenomicon.

<full article>

5 May 2009

The Data Center Journal:
A Friendly Reminder: Compliance Does Not Equal Security - By Ari Takanen

Security standards require you to build best practices in IT security. Unfortunately, the practices defined in the standards are somewhat behind the best practices available in the industry. New security vulnerabilities emerge constantly, and the protection measures and vulnerability detection techniques in use always need adjusting, in line with and beyond those defined in the standards.

<full article>

1 Apr 2009

Software Test & Performance:
Making a Career of Evil - Using A Hacker's Tool to Secure Your Apps - By Ari Takanen

Fuzz testing turns the tables on those that would do harm. Learn about this negative testing technique that takes penetration to a whole new level. STP Magazine cover story by Codenomicon CTO Ari Takanen.

<download STP magazine>


11 June 2008

CM Crossroads:
Steve Hayes talks about Defensics 3.0
By Megan O'Meara

Defensics 3.0 is the new release from Codenomicon. At STAREAST 2008, we discover they do testing from layer 6 down to layer 2 looking for security issues, showing their customers where the first initial attacks might be, and help by exposing their vulnerability.

<view video>

3 June 2008

CNET News.com:
Codenomicon CTO discusses tackling vulnerabilities
By Robert Vamosi

CNET's Robert Vamosi speaks with Ari Takanen of Codenomicon about whether companies do a good job of finding and fixing their own vulnerabilities.

<full article>

15 Apr 2008

Climate of fear casts shadow over RSA
By Ian Grant

Increasing network complexity, identity authentication, tougher regulation, poorer enforcement, a free-for-all for collecting and storing personal data, and the consumerisation of network-enabled devices combined to induce a feeling that things cannot go on as they have any more.

<full article>

07 Apr 2008

Security forecast: smartphones
By Ian Grant

The modern mobile phone comes in two basic varieties. The more secure version is a stripped down 2G phone with very little data functionality. There are still some issues related to 2G confidentiality. First is the possibility that someone will eavesdrop on your communications. The second concern is availability: what happens if everyone calls at the same time? But aside from these concerns, it is quite a simple piece of equipment.

<full article>

1 Apr 2008

Virtually Informed:
Ari Takanen speaks on software security

Ari Takanen, CTO, Codenomicon, speaks at Infosec Europe April 2008 on software security in video interview

<view videos>

1 Apr 2008

Dark Reading:
Codenomicon Upgrades Platform

Codenomicon announces next-generation security testing software with unmatched ability to identify flaws before products ship.

<full article>

1 Apr 2008

Dr. Dobb's:
Fuzzing, Model-based Testing, and Security
By Jonathan Erickson

"Model-based fuzzing has many names. Fuzzing itself refers to a security testing approach where random or semi-random inputs are sent to software in attempt to crash it. The term itself was coined by Dr. Miller in the early 1990s to describe his command-line fuzzer, which was used to test various commands in different operating systems."

<full article (PDF)>   <full article (HTML)>

1 Apr 2008

Info Security Products Guide:
Eliminating risk through proactive, pre-emptive quality assurance tools
By Rake Narang

Codenomicon's objective is to ensure the security and robustness of any application or service implementation. Development and security personnel in a lab or staged environment use Codenomicon DEFENSICS to fortify quality and security assurance - quickly, easily and reliably. The test software offers a systematic blackbox and negative test methodology uniquely capable of revealing un-desired behavior and issues in protocol implementations.

<full article>

08 Feb 2008

Build A Better Wireless Shield
By Christian Perry

When enterprises make the move from a wired to wireless infrastructure, the danger of disregarding the importance of security often rears its head. The myriad challenges inherent with simply installing and maintaining a wireless network can easily push security to the wayside. However, that trap can prove fatal.

<full article>

01 Feb 2008

The Buzz Around Fuzzing

Security researchers long have sworn by it, and now many enterprises, developers, and service providers are turning to an increasingly popular method of identifying security vulnerabilities: fuzzing.

<full article>


01 Nov 2007

Codenomicon Introduces DEFENSICS for WLAN

Often, the biggest challenge faced by the developers of wireless consumer devices, public broadband infrastructure vendors and network service providers is the challenge of identifying product flaws and security vulnerabilities early in the production process. If these flaws go unidentified and if they remain in the final product, it will hamper the performance of the product and harm the reputation of the company.

<full article>

05 Oct 2007

San Jose Business Journal:
Finnish lines are crossing to San Jose

By Timothy Robers

When a Finnish company sews up the technology market in Finland, it's still got only the 0,5 percent of the global market. And so it is not surprising that Finnish companies are looking beyond their borders.

<full article>

11 Sept 2007

Computer Technology Review:
Storage Vendors and Service Providers Can Now Offer More Resilient and Secure Offerings

This week the Storage Network Industry Association (SNIA) had a decent turnout for its Storage Developers Conference which targets storage developers, architects, and engineers from the world's leading storage vendors and service providers. The event, which garnished over 300 participants, covered such topics as distributed and content aware storage, data management and continuous data protection, and security.

<full article>

04 Sep 2007

Pro-active approach opens global doors

By Robert Anderson, Financial Times

Codenomicon is a typical Oulu high-tech start-up company with a very untypical attitude. "We are more American than the Americans," says Ari Takanen, chief technical officer and one of the founders. Unlike many other local start-ups, it has also successfully expanded abroad while remaining largely Finnish-owned and run.

Codenomicon produces software testing tools for web, network, wireless and digital media customers and then test and eliminate security and robustness weaknesses that, for example, allow hackers easy access.

<full article>

16 Aug 2007

Network World:
VoIP requires strict attention to security best practices

Despite the genuine possibilities of attack, some experts say that VoIP is more secure than the traditional public switched telephone network (PSTN).

“The VoIP system is much more secure than traditional systems,” says Ari Takanen, founder and CTO of Codenomicon, which makes software security-testing tools. Speaking at the recent VON Europe 2007 conference, he acknowledged VoIP vulnerabilities, but said they were not insurmountable. “IP systems are more exposed, but you have more security that you can install,” he says. “If you don’t use it — that’s stupid.”

<full article>

20 Apr 2007

Dark Reading:
Want Turns to Need

Software security is no longer an emerging discipline, and here's why enterprises should care

<full article>

26 Mar 2007

Byte and Switch:
Codenomicon announced Defensics Filesystems & Storage solution for securing the networked storage systems

<full article>