IBM leverages the technology from its Ounce Labs acquisition to deliver a new security solution from its Rational tools group.
IBM has tapped its Rational tools division to deliver new software that advances security analysis.
Slated for announcement on Dec. 3, IBM's new software and analysis capabilities provide a more efficient and accurate way to help organizations design, build and manage secure applications, the company said.
The new offering is based on software IBM obtained through its acquisition of Ounce Labs.
IBM officials said the new software consolidates software vulnerability analysis and reporting into a single view across the enterprise. With this solution, developers can assess security threats across the entire software development lifecycle, enabling global development teams to easily identify and test security exposures, and helping reduce the risks and costs associated with security and compliance concerns, IBM said.
For example, IBM said, organizations can use the software to automate application security audits and source code scanning to ensure that network and Web-based applications are secure and compliant. This delivers improved accuracy in vulnerability identification and remediation.
The new security offerings include enhancements to the IBM Rational AppScan portfolio that further simplify security vulnerability analysis and identification for software developers, IBM said. Moreover, as part of the new features, IBM Research provided string analysis, a software development capability that helps simplify the security testing process by automatically detecting and verifying which Web application inputs need to be cleansed to remove security risks. This capability helps improve the accuracy and efficiency of security testing by the development community, regardless of their security expertise.
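To make the string-analysis idea concrete, here is an added example (not IBM's or Rational AppScan's code) of a minimal static taint analysis: it walks a small, constructed three-address program, tracks which variables are derived from untrusted Web input, and reports the inputs that reach a sensitive sink without passing through a sanitizer. The statement format, the source, sanitizer and sink names, and the sample program are all assumptions made for this illustration.

```python
"""Minimal static taint analysis over a constructed three-address program.

Added example, not code from the article or from IBM. The API names below
(request.param, html_escape, db.execute, ...) are hypothetical stand-ins for a
Web framework's input accessors, escaping helpers and sensitive operations.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Hypothetical classification of calls: where untrusted data enters, what
# neutralises it, and where it becomes dangerous.
SOURCES = {"request.param", "request.header", "request.cookie"}
SANITIZERS = {"html_escape", "sql_param", "to_int"}
SINKS = {"db.execute", "response.write", "os.system"}


@dataclass(frozen=True)
class Stmt:
    target: str                 # variable assigned; "" for a bare sink call
    func: str                   # function being called
    args: Tuple[str, ...] = ()  # variable names or "quoted" string literals


def _is_literal(arg: str) -> bool:
    return arg.startswith('"') and arg.endswith('"')


def analyze(program: List[Stmt]) -> List[Tuple[int, str, Tuple[str, ...]]]:
    """Return (line, sink, originating inputs) for every tainted sink call."""
    taint: Dict[str, Set[str]] = {}   # variable -> inputs it is derived from
    findings: List[Tuple[int, str, Tuple[str, ...]]] = []
    for line, st in enumerate(program, start=1):
        # Taint flowing into this statement is the union over its variable args.
        arg_taint: Set[str] = set()
        for arg in st.args:
            if not _is_literal(arg):
                arg_taint |= taint.get(arg, set())
        if st.func in SOURCES:
            name = st.args[0].strip('"') if st.args else "?"
            taint[st.target] = {f"{st.func}({name})"}
        elif st.func in SANITIZERS:
            taint[st.target] = set()          # sanitizer output is clean
        elif st.func in SINKS:
            if arg_taint:
                findings.append((line, st.func, tuple(sorted(arg_taint))))
        else:
            taint[st.target] = arg_taint      # ordinary call propagates taint
    return findings


def inputs_needing_cleansing(program: List[Stmt]) -> List[str]:
    """The inputs that must be sanitized before any sink is reached."""
    return sorted({label for _, _, labels in analyze(program) for label in labels})


# Constructed sample program: one sanitized flow and two unsanitized flows.
SAMPLE_PROGRAM = [
    Stmt("q", "request.param", ('"q"',)),
    Stmt("safe_q", "html_escape", ("q",)),
    Stmt("", "response.write", ("safe_q",)),                    # clean: no finding
    Stmt("uid", "request.param", ('"id"',)),
    Stmt("sql", "concat", ('"SELECT * FROM users WHERE id="', "uid")),
    Stmt("", "db.execute", ("sql",)),                           # tainted by id
    Stmt("ua", "request.header", ('"User-Agent"',)),
    Stmt("msg", "concat", ('"Hello "', "q", "ua")),
    Stmt("", "response.write", ("msg",)),                       # tainted by q, ua
]

if __name__ == "__main__":
    for line, sink, labels in analyze(SAMPLE_PROGRAM):
        print(f"line {line}: {sink} receives unsanitized {', '.join(labels)}")
    print("inputs needing cleansing:", inputs_needing_cleansing(SAMPLE_PROGRAM))
```

Note that `q` stays tainted even after `html_escape(q)` is assigned to `safe_q`, so its later unescaped use in `msg` is still reported; a real analysis would additionally model the sink type, since `html_escape` is the right sanitizer for `response.write` but not for `db.execute`.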
And according to IBM's 2010 mid-year X-Force Trend Report, 55 percent of all vulnerabilities come from Web applications, making them the greatest source of risk for organizations. The research indicates that computer security threats rose by 36 percent in the first half of 2010, resulting in more than 4,000 new vulnerabilities being documented compared to last year.
In addition, Web applications are often vulnerable due to a lack of built-in security. To reduce these risks, organizations need to implement security strategies that ensure applications are designed securely across the entire development lifecycle, from start to finish, IBM said in a press release about its new security solution. Finding ways to extend security analysis across more testers in the security process and employing multiple testing techniques will result in higher-quality and more secure applications.
"As vulnerabilities become more prevalent, testing across the entire development lifecycle without having to invest in additional development resources and skills is significant for the bottom line," said Steve Robinson, general manager of IBM Security Solutions, in a statement. "Through the ongoing value brought by the acquisitions of Ounce Labs and Watchfire, combined with our R&D expertise, we can now provide more comprehensive security governance, collaboration and risk management solutions that further protect organizations from malicious attacks."
Meanwhile, the new advancements in the IBM Rational AppScan portfolio simplify and automate security scanning with new hybrid analysis capabilities, improving vulnerability identification and remediation. The hybrid analysis automatically correlates results from static code analysis and dynamic analysis, so that findings confirmed by both techniques can be identified and prioritized.
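As an added illustration of what correlating static and dynamic results involves (this is example code, not Rational AppScan's hybrid analysis), the following Python maps each dynamic finding's URL back to the handler that serves it and matches it against static findings on the same handler, parameter and vulnerability class. The finding records, the route table and the sample findings are constructed assumptions for this example.

```python
"""Correlate static-analysis and dynamic-scan findings for the same application.

Added example, not IBM's code. The route table and both sets of findings are
constructed; in practice the route table would come from the framework's
configuration and the findings from the two scanners' reports.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple
from urllib.parse import urlsplit


@dataclass(frozen=True)
class StaticFinding:
    file: str
    line: int
    handler: str   # code entry point, e.g. a servlet method
    param: str     # request parameter the tainted data comes from
    kind: str      # vulnerability class: "sqli", "xss", ...


@dataclass(frozen=True)
class DynamicFinding:
    url: str       # request the scanner sent
    param: str     # parameter it injected into
    kind: str


# Hypothetical mapping from URL path to the handler that serves it.
ROUTES: Dict[str, str] = {
    "/search": "SearchServlet.doGet",
    "/user": "UserServlet.doGet",
}

Key = Tuple[str, str, str]   # (handler, param, kind)


def correlate(static: List[StaticFinding],
              dynamic: List[DynamicFinding],
              routes: Dict[str, str]):
    """Split findings into confirmed (both), static-only and dynamic-only."""
    by_key: Dict[Key, List[StaticFinding]] = {}
    for s in static:
        by_key.setdefault((s.handler, s.param, s.kind), []).append(s)

    confirmed: List[Tuple[StaticFinding, DynamicFinding]] = []
    dynamic_only: List[DynamicFinding] = []
    matched = set()
    for d in dynamic:
        handler = routes.get(urlsplit(d.url).path)
        key = (handler, d.param, d.kind)
        if handler is not None and key in by_key:
            for s in by_key[key]:
                confirmed.append((s, d))   # same code location, proven reachable
            matched.add(key)
        else:
            dynamic_only.append(d)         # exploitable but not covered by static scan
    static_only = [s for s in static
                   if (s.handler, s.param, s.kind) not in matched]
    return confirmed, static_only, dynamic_only


def summarize(static, dynamic, routes) -> Dict[str, int]:
    confirmed, static_only, dynamic_only = correlate(static, dynamic, routes)
    return {"confirmed": len(confirmed),
            "static_only": len(static_only),
            "dynamic_only": len(dynamic_only)}


# Constructed sample findings.
STATIC = [
    StaticFinding("SearchServlet.java", 42, "SearchServlet.doGet", "q", "sqli"),
    StaticFinding("UserServlet.java", 17, "UserServlet.doGet", "name", "xss"),
    StaticFinding("UserServlet.java", 30, "UserServlet.doGet", "id", "sqli"),
]
DYNAMIC = [
    DynamicFinding("https://app.example/search?q=x", "q", "sqli"),
    DynamicFinding("https://app.example/user?name=x", "name", "xss"),
    DynamicFinding("https://app.example/login?user=x", "user", "xss"),
]

if __name__ == "__main__":
    confirmed, static_only, dynamic_only = correlate(STATIC, DYNAMIC, ROUTES)
    for s, d in confirmed:
        print(f"CONFIRMED {s.kind} at {s.file}:{s.line} via {d.url}")
    for s in static_only:
        print(f"STATIC ONLY {s.kind} at {s.file}:{s.line} (param {s.param})")
    for d in dynamic_only:
        print(f"DYNAMIC ONLY {d.kind} at {d.url} (no static coverage)")
```

The three buckets drive different actions: confirmed findings have a known code location and a demonstrated reachable path, so they go to the top of the remediation queue; static-only findings may be dead code or paths the crawler never reached; dynamic-only findings point at code the static scan did not cover, the "blind spots" the article refers to.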
New enhancements to the IBM Rational AppScan portfolio include a consolidated view of vulnerabilities with hybrid analysis reporting, broader scanning access to identify blind spots, a simplified security assessment process and support for multiple frameworks, IBM said.
In addition, IBM announced support for the federal security protocol CAC/PKI across the IBM Rational Software portfolio. The CAC/PKI protocol enhances the ability of governments globally to prevent unauthorized access to physical and digital environments, access which would compromise the security of military and national initiatives. IBM provides a full range of services for the detailed design, development and implementation of smartcard/biometrics and CAC/PKI deployments as part of its effort to deliver full software lifecycle support for CAC/PKI and other security protocols.
Darryl K. Taft covers the development tools and developer-related issues beat from his office in Baltimore. He has more than 10 years of experience in the business and is always looking for the next scoop. Taft is a member of the Association for Computing Machinery (ACM) and was named 'one of the most active middleware reporters in the world' by The Middleware Co. He also has his own card in the 'Who's Who in Enterprise Java' deck.