Watchfire, Fortify Team Up

Security vendors partner around web app scanning

Web application security specialist Watchfire and code inspection expert Fortify Software on Aug. 14 launched a new partnership aimed at cashing in on growing concerns over online business security.

Enterprise customers are increasingly looking for integrated products to help improve security throughout the Web application development and maintenance process, executives from the companies said.

To satisfy that demand, the new partners announced that Fortifys Source Code Analysis Suite and Watchfires AppScan offering will be sold in a single package so as to allow customers to better identify, analyze and remediate security vulnerabilities in Web sites and applications.

By tying their software and services more closely together and tapping into the selling power of their respective organizations, Fortify, which provides tools that search for potential flaws in program code, and Watchfire, which markets technology used to test sites and Web applications for vulnerabilities, aim to drive growth for both companies while addressing the demand for integrated tools.

"There are a lot of different issues that you can catch when looking at the status of source code, and when the application is up and running, that you might not see in independent use of these types of technologies," said Mike Armistead, vice president of marketing at Fortify, in Palo Alto, Calif. "Organizationally, companies always have issues of software developers throwing things over the wall at IT; theres a lot of benefit in adding a system like this that can help bridge those gaps."

Through the partnership, the companies will offer an integrated dashboard that provides a centralized view of information coming from the application testing tools, additional reporting and compliance management features, and improved remediation capabilities, officials said.

Watchfire, of Waltham, Mass., and Fortify already share a number of customers, which will be the first potential audience for the integrated version of the scanning applications, according to the vendors. Officials denied that the two companies may seek to merge, saying that customers continue to demand best-of-breed security technologies integrated by their providers, as opposed to a single security company with a wide range of products.

At least one customer endorsed the deal as beneficial to its ongoing efforts to eliminate online security flaws.

"Scanning both raw source code and compiled Web applications for software vulnerabilities is essential to ensuring the security of application systems," Bruce Bonsall, chief information security officer at MassMutual Financial Group, in Springfield, Mass., said in a statement. "Today we use two different tool sets to accomplish those separate but related tasks. By virtue of such a partnership, the integration of the tools isnt left to the end users, and they dont need to navigate two different interfaces. That helps simplify things and lets users focus on more important issues."

Continuous Bug Squashing

Source code analysis checker Fortify and application scanner vendor Watchfire are teaming up to target security vulnerabilities. Heres what they do separately and combined:

* Watchfires AppScan Scans Web applications before and after deployment, analyzing them for security vulnerabilities

* Fortifys Source Code Analysis Suite Finds, tracks and helps fix code where security vulnerabilities lie, allowing developers to deliver secure software quickly and efficiently

* What the duo does Together, the two applications identify the cause and location of errors throughout Web sites and applications

Source: Watchfire