Wow, big acquisition news in the static code analysis space announced
today:
http://news.prnewswire.com/DisplayReleaseContent.aspx?ACCT=104&STORY=/www/story/07-28-2009/0005067166&EDATE=
Cheers,
Ken
-
Kenneth R. van Wyk
KRvW Associates, LLC
http://www.KRvW.com
(This email is digitally s
Wow indeed. Does that make IBM the only vendor to offer both Static
and Dynamic software security testing/analysis capabilities?
Thanks & Regards,
Prasad N. Shenoy
On Tue, Jul 28, 2009 at 10:19 AM, Kenneth Van Wyk wrote:
> Wow, big acquisition news in the static code analysis space announced tod
Right now, officially, I think that is about it. IBM, Veracode, and
AoD (in Germany) claims they have this too.
As Mattyson mentioned, Veracode only does static binary analysis (no
source analysis). They offer "dynamic scanning" but I believe it is
using NTO Spider IIRC which is a simplified scann
Pretty much. HP/SPI has integrations as well but I don't recall DevInspect
ever being a big hit. Veracode does both as well as static binary but as a SaaS
model. Watchfire had a RAD integration as well IIRC but it clearly must not
have had the share Ounce does.
-Original Message-
From
Ah sorry didn't mean to leave you out Tom.
-Original Message-
From: Tom Brennan
Sent: July 28, 2009 1:24 PM
To: Matt Fisher ; sc-l-boun...@securecoding.org
; Prasad Shenoy ;
Kenneth Van Wyk
Cc: Secure Coding
Subject: Re: [SC-L] IBM Acquires Ounce Labs, Inc.
Fortify (www.fortify.com) has partnered with WhiteHat Security
(www.whitehatsec.com) too
Tom Brennan
Board Member - OWASP Foundation
Url: www.owasp.org | Tel: 973-202-0122
http://www.linkedin.com/in/tombrennan
-Original Message-
From: Matt Fisher
Date: Tue, 28 Jul 2009 11:29:30
To:
A quick note, in the Java world (obfuscation aside), the source and
"binary" is really the same thing. The fact that Fortify analyzes
source and Veracode analyzes class files is a fairly minor detail.
Jim Manico
On Jul 28, 2009, at 7:40 AM, "Arian J. Evans" wrote:
Right now, officially,
Partnering is not the same thing as having a single owner for both
tools. I also believe WhiteHat is a "hire them and they do it" model,
though they do put hardware in your enterprise. IIRC, you could not
do all the work yourself if you had whatever components they provided.
I don't think
At 8:39 AM -1000 7/28/09, Jim Manico wrote:
> A quick note, in the Java world (obfuscation aside), the source and
> "binary" is really the same thing. The fact that Fortify analyzes
> source and Veracode analyzes class files is a fairly minor detail.
It seems to me that would only be true for