IBM looks to pair security technologies for software development

Former Watchfire and Ounce Labs capabilities would be partnered in an enterprise-level product to be released later this year

Homing in on the need for more security in application development, IBM Rational is planning an enterprise-level product that features two separately acquired technologies for security testing and code scanning.

The product, which would be released later this year, would feature Rational AppScan testing capabilities, acquired when IBM bought Watchfire in 2007, and the former Ounce Labs software that checks code for security issues, said David Grant, director of security solutions at Rational, in an interview late last week. IBM bought Ounce last year.

"[The combined product] brings a whole new level of accuracy to security testing," Grant said.

AppScan has tested software from the inside, looking at applications already built, while Ounce does inside-out testing of source code for security flaws. "What we're working on is really bringing those two together," said Grant. IBM furthered development of AppScan in 2008 to feature analysis during the software development process.

AppScan technology, Grant said, has been embedded in Rational software delivery lifecycle products, such as RequisitePro and Quality Manager. Ounce technology also is being incorporated into Rational offerings.

Application security is becoming more important because software is driving everything these days and Web applications are front-ending business applications, Grant said. This can expose systems to outsiders, including malicious individuals, who can access sensitive information, Grant said. But security typically has not been at the forefront of software development, he said.

"The problem with application security is developers typically aren't trained, aren't incented, to be honest with you," to prevent security flaws in applications, Grant said. Such flaws include SQL injection, in which a database gives improper access to information, and cross-site scripting, in which a browser session is hijacked.

Most software development shops lack security knowledge, said analyst Chenxi Wang, of Forrester.

"Developers largely do not care about security, nor do they have time to. Therefore, what we are seeing is that the high end of the market - the more sophisticated development shops, start to have security mandates but the majority of the development shops are far, far behind in terms of knowledge about security in development and the willingness to do something about it," Wang said.

Also becoming an issue in secure application development is cloud application deployment. "Cloud is yet another driver of exposing more critical business apps [in] the wild," said Grant. "Out in the Web, when you're building cloud-enabled systems, you've got to make sure to put them through the secure lifecycle as well."

IBM is not the only major vendor focusing on security for application development. Microsoft has released its SDL (Security Development Lifecycle) best practices for this purpose.

"SDL is a set of best practices and partnerships. They don't actually have security testing products," embedded in their software, Grant said.

This story, "IBM looks to pair security technologies for software development," was originally published at InfoWorld.com.

Paul Krill

InfoWorld