[Owasp-leaders] IBM/Rational Static Analysis
Marco M. Morana
marco.m.morana at gmail.com
Fri Mar 6 18:39:29 EST 2009
IBM is well positioned to leverage integration with other IBM SDLC IDEs such
as Rational AD as well as to integrate with AppScan DE to provide hybrid
tools for SDLC.

Not sure that IBM's strategy around SAST (Static Application Security Testing)
means making it free, for two main reasons:

1) They also invested heavily in R&D on this with patented string analysis
as an alternative to taint analysis (this is stuff being developed at Watson
labs by Marco Pistoia & Co)
2) Several players in this field plan to offer source code analysis as a
service

Regards
Marco Morana

----- Original Message -----
From: "Andre Gironda" <andreg at gmail.com>
To: <owasp-leaders at lists.owasp.org>
Sent: Friday, March 06, 2009 12:49 PM
Subject: Re: [Owasp-leaders] IBM/Rational Static Analysis
> On Fri, Mar 6, 2009 at 8:46 AM, McGovern, James F (HTSC, IT)
> <James.McGovern at thehartford.com> wrote:
>> Anyone here ever looked into the IBM/Rational offering around static
>> analysis? IBM may have a strategy to bundle with other products
>> effectively
>> making static analysis free for larger enterprises.
>
> John Steven wrote a bit on IBM AppScan DE -
> http://www.cigital.com/justiceleague/2009/01/22/let-the-posturing-begin/
>
> Jim Manico, Jeff Williams, and I discussed hybrid analysis on OWASP
> Podcast #8:
> http://www.owasp.org/download/jmanico/owasp_podcast_8.mp3
> Both the above post, as well as the Ounce O2 project are discussed
> (all in the first 10 minutes - you don't even need to listen to the
> whole thing!) ;>
>
> Cheers,
> Andre