Right now, officially, I think that is about it. IBM, Veracode, and AoD (in Germany) claims they have this too.
As Mattyson mentioned, Veracode only does static binary analysis (no source analysis). They offer "dynamic scanning" but I believe it is using NTO Spider IIRC which is a simplified scanner that targets unskilled users last I saw it. At one point I believe Veracode was in discussions with SPI to use WI, but since the Veracoders haunt this list I'll let them clarify what they use if they want. So IBM: soon. Veracode: sort-of. AoD: on paper And more to come in short order no doubt. I think we all knew this was coming sooner or later. Just a matter of "when". The big guys have a lot of bucks to throw at this problem if they want to, and pull off some really nice integrations. Be interesting to see what they do, and how useful the integrations really are to organizations. -- Arian Evans On Tue, Jul 28, 2009 at 9:29 AM, Matt Fisher<m...@piscis-security.com> wrote: > Pretty much. Hp /spi has integrations as well but I don't recall devinspect > ever being a big hit. Veracode does both as well as static binary but as > asaas model. Watchfire had a RAD integration as well iirc but it clearly must > not haved had the share ounce does. > > -----Original Message----- > From: Prasad Shenoy <prasad.she...@gmail.com> > Sent: July 28, 2009 12:22 PM > To: Kenneth Van Wyk <k...@krvw.com> > Cc: Secure Coding <SC-L@securecoding.org> > Subject: Re: [SC-L] IBM Acquires Ounce Labs, Inc. > > > Wow indeed. Does that makes IBM the only vendor to offer both Static > and Dynamic software security testing/analysis capabilities? > > Thanks & Regards, > Prasad N. Shenoy > > On Tue, Jul 28, 2009 at 10:19 AM, Kenneth Van Wyk<k...@krvw.com> wrote: >> Wow, big acquisition news in the static code analysis space announced today: >> >> http://news.prnewswire.com/DisplayReleaseContent.aspx?ACCT=104&STORY=/www/story/07-28-2009/0005067166&EDATE= >> >> >> Cheers, >> >> Ken >> >> ----- >> Kenneth R. van Wyk >> KRvW Associates, LLC >> http://www.KRvW.com >> >> (This email is digitally signed with a free x.509 certificate from CAcert. >> If you're unable to verify the signature, try getting their root CA >> certificate at http://www.cacert.org -- for free.) >> >> >> >> >> >> >> _______________________________________________ >> Secure Coding mailing list (SC-L) SC-L@securecoding.org >> List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l >> List charter available at - http://www.securecoding.org/list/charter.php >> SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) >> as a free, non-commercial service to the software security community. >> _______________________________________________ >> >> > _______________________________________________ > Secure Coding mailing list (SC-L) SC-L@securecoding.org > List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l > List charter available at - http://www.securecoding.org/list/charter.php > SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) > as a free, non-commercial service to the software security community. > _______________________________________________ > > _______________________________________________ > Secure Coding mailing list (SC-L) SC-L@securecoding.org > List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l > List charter available at - http://www.securecoding.org/list/charter.php > SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) > as a free, non-commercial service to the software security community. > _______________________________________________ > _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. _______________________________________________