Comparing Scanning Tools

[joe at joeteff.com (Joe Teff)]

Fortify is a company with several products. Which product are you 
referring to? I've used some of thier products (and think highly of 
them), but I have not used all of them. What I like most about thier 
approach is they are trying to address all parts of the life cycle. The 
IDE plug-in enforces secure development at the point that code is 
written/changed. The scanner/workbench supports the build and audit 
processes. Other components work at runtime. Are they perfect? Honestly, 
I've not seen anything that is ever perfect. Are they good and getting 
better? I belive so.

jt
-----Original Message-----
From: "McGovern, James F (HTSC, IT)" <James.McGovern at thehartford.com>
To: <sc-l at securecoding.org>
Date: Mon, 5 Jun 2006 16:50:17 -0400
Subject: [SC-L] Comparing Scanning Tools

> The industry analyst take on tools tends to be slightly different than
> software practitioners at times. Curious if anyone has looked at
> Fortify and has formed any positive / negative / neutral opinions on
> this tool and others...
>
>
> ***********************************************************************
> **
> This communication, including attachments, is
> for the exclusive use of addressee and may contain proprietary,
> confidential and/or privileged information.  If you are not the
> intended
> recipient, any use, copying, disclosure, dissemination or distribution
> is
> strictly prohibited.  If you are not the intended recipient, please
> notify
> the sender immediately by return e-mail, delete this communication and
> destroy all copies.
> ***********************************************************************
> **
>
>
> _______________________________________________
> Secure Coding mailing list (SC-L)
> SC-L at securecoding.org
> List information, subscriptions, etc -
> http://krvw.com/mailman/listinfo/sc-l
> List charter available at -
> http://www.securecoding.org/list/charter.php