[Owasp-leaders] IBM/Rational Static Analysis

Brian Bertacini brian at appsecconsulting.com
Fri Mar 6 12:19:24 EST 2009



I looked at the IBM Rational AppScan Developer Edition a couple of months
ago.  For the record, we currently use Fortify and Ounce for static
analysis.  In my opinion, AppScan DE is not ready for prime time, especially
in an enterprise environment.  On the other hand, I am very excited about
their vision and the ability to correlate runtime and static analysis.   I'm
sure their solution will improve with time.  It's also worth noting the
solution only supports Java at the present time.  I will be keeping a close
eye on their developments over time.  I know some folks at Cenzic; I believe
they are looking to integrate static analysis into the Hailstorm solution
too.  In my opinion, it is valuable to combine runtime and static analysis
to get a more comprehensive risk profile.  


My $.02,


Brian Bertacini, CISA, PCI-QSA
AppSec Consulting, Inc.


From: owasp-leaders-bounces at lists.owasp.org
[mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of McGovern, James
Sent: Friday, March 06, 2009 8:46 AM
To: owasp-leaders at lists.owasp.org
Subject: [Owasp-leaders] IBM/Rational Static Analysis


Anyone here ever looked into the IBM/Rational offering around static
analysis? IBM may have a strategy to bundle with other products effectively
making static analysis free for larger enterprises.
