HP Fortifies Threat Intelligence

HP expands the threat intelligence landscape and revives an initiative to improve open-source code quality.

Hewlett-Packard is bolstering its security initiatives with new university outreach, threat collection and open-source code scanning efforts.

According to research from the Ponemon Institute cited by HP, as many as 40 percent of security jobs will be unfilled in 2014 due to a lack of skilled professionals, a challenge that HP wants to help solve.

"Adversaries are mounting more successful attacks, and at the same time there is a significant skill and resource gap between the IT security industry and adversaries," Jacob West, CTO of Enterprise Security Products at HP, told eWEEK.

To help improve the current state of IT security, HP today announced that it is improving its HP Threat Central intelligence service. Threat Central helps organizations share information and analysis about current threats in a highly automated way. It already provides HP's own research to users and enables enterprises to share their own information. Now HP is augmenting the Threat Central service with intelligence from a network of partners, including Blue Coat, Trend Micro and Arbor Networks. West said he expects the network of HP Threat Central partners to continue to grow in the coming months and years.

From an education perspective, HP is expanding its university outreach efforts with a new $250,000 grant to support a scholarship for women pursuing an education in IT security. West said that a scholarship of up to $10,000 for an individual student may be issued.

HP is also making HP software available for use in classrooms and research. Previously, HP made its Fortify code scanning technologies available to universities; it is now expanding the effort to include HP ArcSight and TippingPoint technologies as well.

Open Source

In addition, HP is improving its security outreach to the open-source software community by reviving a program that had been dormant. The Fortify Open Review Project, which was active prior to HP's acquisition of Fortify in 2010, makes Fortify's static code analysis software freely available to contributors to popular open-source projects, West said. The goal is to help the open-source projects improve code quality.

"What we're announcing now is the revival of this project on top of the Fortify On Demand software-as-a-service platform, providing a cloud-based solution for static analysis," West said. "As a side benefit, the analysis of those open-source projects is also made available to Fortify On Demand customers."

The benefit to enterprises is that they can now get some visibility into code analysis from open-source projects that they might be leveraging, he said. Open-source projects, on the other hand, get the benefit of being able to freely use an enterprise-grade security scanning solution.

HP Fortify Open Review isn't the only such static analysis tool to be made available to the open-source community. Static code analysis vendor Coverity has a similar effort available for open-source code as well.

The open-source projects that HP Fortify Open Review will include as part of its relaunch are ones that West said are the most impactful and relevant.

"We are also more than happy to accept requests from open-source projects that want to benefit from this type of analysis," West said.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.