Application Security Vendors Armorize, Coverity Partner
Coverity is teaming with Armorize Technologies to help their customers better manage application security.
With new integration between Armorize CodeSecure and Coverity's static analysis tool - slated to be available later this year - is the vendors' bid to unify the code analysis and remediation efforts of development and security teams. The coupling of the two products will allow organizations to assign ownership of software bugs and track their remediation without having to manage separate security tools, explained Andy Chou, chief scientist at Coverity.
"What we're doing is we're taking the source code from the existing repositories that developers have (and) we're pulling that into the Coverity Integrity Manager, which will distribute that code to get analyzed by both the static analysis from Coverity for quality defects and the CodeSecure server from Armorize for security defects," Chou said.
"We're having developers triage the quality defects and the security experts triage the security defects because that's what they know, that's what they understand the best...once that triage is over, we're pushing those defects back into the Integrity Manager and then giving the developers a single, unified view of all of the defects from both of these sources," he continued.
The integration will unite two parts of the secure code development process. While Coverity is focused on crash-causing defects such as buffer overflows and concurrency problems, Armorize CodeSecure can be used to search for Web application vulnerabilities such as SQL injection.
As opposed to a developer having to log into and review issues in a security product or a security pro having to log in and view issues in a development product, this integration will allow both sides to look at the problems from an area they are comfortable with, explained Armorize CEO Caleb Sima in an interview with eWEEK.
"We've been forcing developers to adapt to security, but the only effective way to address this risk is to have security adapt to the way developers work," Sima said in a statement. "Not the other way around. The Coverity and Armorize integration will be the first step in solving this problem."