IBM Stresses App Security | eWeek
Cybersecurity
SHARE
Facebook X Pinterest WhatsApp

IBM Stresses App Security

Written By
Darryl K. Taft
Darryl K. Taft
Apr 18, 2005
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

IBM is planning to bolster its development tool set with features to help developers bake security into their applications.

Anthony Nadalin, chief security architect for IBMs Software Group, said IBM is looking to do more to address the issue of security throughout the application life cycle, starting during the requirements process and going straight through to modeling and deployment.

Nadalin said IBM, of Armonk, N.Y., will apply technology to automate the processes of enhancing security in its tools, most likely the Rational Toolset.

“There is a lot of interest in companies building secure applications and how to guarantee that, so were looking at the notion of security in the application life cycle.”

Nadalin said IBM is considering enhancing its modeling capability to enable users to integrate security into the process.

IBM is also considering more of a model-driven application life cycle, “highlighting the security aspects of programming,” Nadalin said. In this scheme, IBM will “check code for security vulnerabilities such as scanning code for public classes. Were looking at the static analysis of code,” he said.

In addition, IBM is thinking of tying the application development process with identity management. “We see the standards becoming increasingly important here,” Nadalin said.

IBM plans to use “the policy-driven aspects of modeling to help developers choose the best way to go,” Nadalin said. The authentication becomes a policy issue, and “you wind up with a policy-driven model.”

IBMs goal is to make sure the developer makes the best decision, according to Nadalin. Applying security measures in the development phase “has been hot on our customers list because compliance is biting them,” he said.

In addition, “finding bugs before an application goes out the door is 40 to 50 times cheaper than finding them after the app is in the field,” Nadalin said.

“You can bake in a certain degree of security, but most tools just find holes … then you have to fix them,” said Thomas Murphy, an analyst with Gartner Inc., in Stamford, Conn.

“Security takes ground-up design and planning upfront to work right. It is nearly impossible to retrofit,” Murphy said. “Otherwise, Microsoft [Corp.] would just run some big tool, and, like magic, Windows would be secure.”

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.
Darryl K. Taft
eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

facebook
linkedin
youtube
rss
x

Company

About us Contact us Advertise with us

Categories

Latest News Resources Artificial Intelligence Video Big Data & Analytics Cloud Networking

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information