Watchfire Looks to Provide End-to-End App Security

Watchfire CTO Michael Weider discusses the future of his company four months after its acquisition by IBM.

With a new product on the way and the company's acquisition now a few months old, Watchfire Chief Technology Officer Michael Weider has his eye on the future.

Watchfire was acquired by IBM in July. On Nov. 19, the IT giant will officially release IBM Rational AppScan 7.7, a Web application security tool based on Watchfire's flagship AppScan product. The product identifies, validates and reports on gaps in Web applications.

The latest version includes new features, such as Scan Expert and State Inducer, designed to make the product easier to use for IT professionals with less of a background in application testing. It also includes recorded Web-based training to educate users on application security and compliance with industry standards.

"Application security is one of the hottest issues and fastest-growing segments in security today," Weider said.

With the new product now under the company's belt, Watchfire will expand its traditional security footprint in 2008 as part of a broader push into the security market by IBM.

"In addition to building stand-alone security testing products, we also want to bring to market a broader, end-to-end solution for application security," he said. "We are working with Rational, IBM and Tivoli to develop this. Our vision is to help customers operationalize application security by making it part of their existing processes versus something that is done outside the software process, as it is today. This means supporting all aspects of the software development life cycle, integrating into the requirements definition, design, coding, testing and production processes."

A few weeks ago, IBM pledged to invest $1.5 billion in security-related efforts in 2008 to help businesses protect data and manage risk across five domains: information security, threat and vulnerability, application security, identity and access management, and physical security.

Watchfire is leading the application security segment strategy and is working with IBM Internet Security Systems and Tivoli, Weider said. Watchfire is also helping IBM Rational strengthen its position in the quality management market by adding security testing capabilities to its existing portfolio of products, he added. Finally, the company's tools will help expand IBM's role in the governance, risk and compliance markets, he said.



With all that on the menu, the company has no plans to stray far from its bread and butter of Web application scanning.

"We will continue to advance the stand-alone products and core technology behind IBM Rational AppScan," Weider said. "That means improving further the scanning engine to enhance support for new Web technology platforms like AJAX [Asynchronous JavaScript and XML], adding new security tests to find new problems and further improving the accuracy of the product."
