Wow indeed. Does that makes IBM the only vendor to offer both Static
and Dynamic software security testing/analysis capabilities?
Thanks Regards,
Prasad N. Shenoy
On Tue, Jul 28, 2009 at 10:19 AM, Kenneth Van Wykk...@krvw.com wrote:
Wow, big acquisition news in the static code analysis space
Right now, officially, I think that is about it. IBM, Veracode, and
AoD (in Germany) claims they have this too.
As Mattyson mentioned, Veracode only does static binary analysis (no
source analysis). They offer dynamic scanning but I believe it is
using NTO Spider IIRC which is a simplified
Pretty much. Hp /spi has integrations as well but I don't recall devinspect
ever being a big hit. Veracode does both as well as static binary but as asaas
model. Watchfire had a RAD integration as well iirc but it clearly must not
haved had the share ounce does.
-Original Message-
Ah sorry didn't mean to leave you out Tom.
-Original Message-
From: Tom Brennan t...@owasp.org
Sent: July 28, 2009 1:24 PM
To: Matt Fisher m...@piscis-security.com; sc-l-boun...@securecoding.org
sc-l-boun...@securecoding.org; Prasad Shenoy prasad.she...@gmail.com;
Kenneth Van Wyk
Fortify (www.fortify.com) has Partnered with WhiteHat Security
(www.whitehatsec.com) too
Tom Brennan
Board Member - OWASP Foundation
Url: www.owasp.org | Tel: 973-202-0122
http://www.linkedin.com/in/tombrennan
-Original Message-
From: Matt Fisher m...@piscis-security.com
Date: Tue,
A quick note, in the Java world (obfuscation aside), the source and
binary is really the same thing. The fact that Fortify analizes
source and Veracode analizes class files is a fairly minor detail.
Jim Manico
On Jul 28, 2009, at 7:40 AM, Arian J. Evans arian.ev...@anachronic.com
wrote:
At 8:39 AM -1000 7/28/09, Jim Manico wrote:
A quick note, in the Java world (obfuscation aside), the source and
binary is really the same thing. The fact that Fortify analizes
source and Veracode analizes class files is a fairly minor detail.
It seems to me that would only be true for