Secure Coding mailing list archives
Integrated Dynamic and Static Scanning
From: James.McGovern at thehartford.com (McGovern, James F (HTSC, IT))
Date: Wed, 29 Jul 2009 09:05:43 -0400
Sometimes integration is a good and bad thing. I hope that my Ounce enhancement request for integration with HP Quality Center and Archer GRC doesn't get deprioritized over rebranding efforts. Likewise, this also has the potential of causing many more IBM employees than current to pay attention to the needs of secure code. -----Original Message----- From: sc-l-bounces at securecoding.org [mailto:sc-l-bounces at securecoding.org] On Behalf Of Brad Andrews Sent: Tuesday, July 28, 2009 5:03 PM To: sc-l at securecoding.org Subject: [SC-L] Integrated Dynamic and Static Scanning Partnering is not the same thing as having a single owner for both tools. I also believe WhiteHat is "hire them and they do it" model, though they do put hardware in your enterprise. IIRC, you could not do all the work yourself if you had whatever components they provided. I don't think AppScan and the Ounce programs will be integrated to this extent soon, but it would be much easier, since they are both in the same company. That level of integration is highly unlikely without the "common owner" this deal provides. The end result may or may not be better, especially if they take the IBM trend of charging more rather that the simpler model Ounce was taking recently. (Though was that sustainable?) I would be interested in hearing how the Fortify/WhiteHat integration worked. -- Brad Andrews RBA Communications CSSLP, SANS/GIAC GSEC, GCFW, GCIH, GPCI
Fortify (www.fortify.com) has Partnered with WhiteHat Security (www.whitehatsec.com) too
_______________________________________________ Secure Coding mailing list (SC-L) SC-L at securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. _______________________________________________ ************************************************************ This communication, including attachments, is for the exclusive use of addressee and may contain proprietary, confidential and/or privileged information. If you are not the intended recipient, any use, copying, disclosure, dissemination or distribution is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this communication and destroy all copies. ************************************************************
Current thread:
- IBM Acquires Ounce Labs, Inc., (continued)
- IBM Acquires Ounce Labs, Inc. Arian J. Evans (Aug 04)
- IBM Acquires Ounce Labs, Inc. Wall, Kevin (Aug 04)
- IBM Acquires Ounce Labs, Inc. Arian J. Evans (Aug 04)
- IBM Acquires Ounce Labs, Inc. Steven M. Christey (Aug 05)
- IBM Acquires Ounce Labs, Inc. Romain Gaucher (Aug 05)
- IBM Acquires Ounce Labs, Inc. Steven M. Christey (Aug 05)
- IBM Acquires Ounce Labs, Inc. Matt Fisher (Aug 05)
- IBM Acquires Ounce Labs, Inc. Arian J. Evans (Aug 05)
- Integrated Dynamic and Static Scanning Brad Andrews (Jul 28)
- Integrated Dynamic and Static Scanning McGovern, James F (HTSC, IT) (Jul 29)
- Integrated Dynamic and Static Scanning Brad Andrews (Jul 29)
- Message not available
- Integrated Dynamic and Static Scanning Brad Andrews (Jul 29)