
Dynamic analysis better for staying ahead of hackers

Fortify : 26 September, 2008  (Technical Article)
Whilst welcoming IBM into the market of static analysis, Fortify believes that the most comprehensive protection comes from a more dynamic approach.

Fortify Software sees IBM's late entry into the static analysis marketplace as a limited step in the right direction.

Fortify notes that IT research firm Dataquest reports Fortify's revenue led the entire application security testing market, including IBM's dynamic testing product line.

'Competition is always good for the industry, but it's the customer that makes the final decision as to which product or service they source,' said Barmak Meftah, Fortify's senior vice president of products and technology.

'It's therefore worth noting that Fortify's static analyzer covers 17 programming languages, whereas IBM addresses a lot less. In addition, our analyzer can discover more than 315 types of vulnerabilities, whereas IBM uncovers far fewer,' he added. 'Also, Fortify can support seven major IDEs beyond just IBM Eclipse.'

According to Meftah, for IT security experts whose job - particularly in these economically challenging times - depends on ensuring that ALL vulnerabilities are revealed, Big Blue's offering might keep some of the hackers out.

But not all of them.

'And the ones that get through will probably be the ones that have architected the most complex attack vectors,' he noted.

Meftah went on to say that IBM's offering leads with dynamic security analysis via the Watchfire AppScan pen testing capability.

But, he said, effective communication and interaction with developers requires an 'extensive inside out, code-level knowledge approach' compared to the 'outside in' black box capability that Watchfire brings to the IT security table.

It's also worth recognising, he added, that Fortify's offering was built around the language and environment to optimally support developers.

'Of course, application vulnerability is what we have specialized in since we were founded in 2003. IBM, in contrast, has produced mainframes, minicomputers, PCs, and software,' he said.

'If you want convenience, you go to the convenience store. If you want high quality, however, you go to the specialist,' he added.