Time for a code audit as Windows XP enters extended support

Barmak Meftah, senior vice president at Fortify, makes the point that, since Microsoft has moved its support programme into extended support mode, support will "come down a notch or two". Says Meftah: "Extended support for Windows XP will continue until April 2014, but this month's support move means that smaller firms will find it more difficult to get telephone support for Windows XP." He advises that, as well as continuing to security code audit any new and updated Windows XP applications, companies should also review their patching procedures, and ensure that security testing forms an integral part of their software development processes. Also, because Microsoft is continuing to issue hot fixes for Windows XP, some of the kernel code could be changed in the future, he says, "so it is important that any company using customised or new XP-driven software is aware of the heightened need for auditing their program code". His view: adding code auditing to the software development lifecycle can be a lower-cost option than using premium support services to avert risk. "Companies should also be aware that a multi-layered approach to IT security can also reduce any risks, but code auditing definitely now needs to be higher up the IT security agenda," he says.