1. Technical Field
The present invention relates to network data processing systems and, in particular, to protecting against viruses. Still more particularly, the present invention provides an improved method, apparatus, and program for source code management.
2. Description of Related Art
The computer field in general has been plagued by the introduction of programs known as computer “viruses” or “worms”. A computer virus is a section of code that is buried or hidden in another program. Once the program is executed, the code is activated and attaches itself to other programs in the system. Infected programs in turn copy the code to other programs. In this manner, virus code may spread throughout the computing system and, potentially, to other computing systems via network connections. The effect of such viruses can be simple pranks such as causing a message to be displayed on the screen, or more serious such as the destruction of programs and data. Computer worms are destructive programs that replicate themselves throughout a hard disk and/or memory within a computer using up all available disk or memory space. This replication eventually causes the computer system to crash since, eventually, there is no available disk or memory space to store data.
To combat the increasing problem of computer viruses and worms, many computer users employ the use of protection programs to detect data packets that may contain viruses or worms and then eliminate them before the program associated with the data packet may be run. Existing protection programs typically employ pattern matching to identify malicious code. Pattern matching is a process wherein a file is scanned and its code compared against virus patterns stored in its database. If a virus signature is detected in the code, the file is isolated and notification is provided to the user that a virus is present in the scanned file. In this way, infected files may be identified and eliminated before they cause damage to the computer system.
Security of program code is an issue for software developers as well. It is not uncommon for the development of a product to involve the resources of many outside teams of disconnected developers. This sort of collaborative development of potentially untrustworthy contributors, especially in the realm of open source development, leaves an end product exposed to potentially malicious code being inserted into the source code. Source code comprises programming statements and instructions that are written by a programmer. Source code is what a programmer writes, but it is not directly executable by the computer. A developer of a product may introduce destructive code into the source, which may result in significant damage to both stored data and other software.
Therefore, it would be advantageous to have a method for enhancing source code management by using existing virus detection methods in a library management system to identify potentially malicious code in the source code of a software product prior to performing a product build.