Reliable Software Technologies said it has received $2.4 million from the Commerce Department's Advanced Technology Program for an electronic commerce security project.
The research and development company, known as RST, will explore ways of certifying the security of software components, beginning with those written in the Java language.
Despite early assumptions about the security of Java-based systems, "Java isn't 100% secure," said RST research scientist Gary McGraw, who wrote the book "Java Security: Hostile Applets, Holes, and Antidotes."
"When critical business is at stake, the software had better behave," Mr. McGraw said.
Anup Ghosh, RST's expert on electronic commerce, said, "Our research will focus on an essential problem that is stalling e-commerce progress -- the weak security of software applications running on both servers, like business Web sites, and on client programs that run in customers' Web browsers."
RST is proposing that software components be put through a "pipeline" of security-analysis tests. When they pass, they would be stamped with digital signatures.