[Owasp-leaders] IBM/Rational Static Analysis

Marco M. Morana marco.m.morana at gmail.com
Fri Mar 6 18:39:29 EST 2009

IBM is well positioned to leverage integration with other IBM SDLC IDEs such 
as Rational AD as well as to integrate with Appscan DE to provide hybrid 
tools for SDLC.

Not sure that IBM strategy around SAST (Static Application Security Testing) 
means making it free for two main reasons:
1) They also invested heavily in R&D on this with patented string analysis 
as alternative to taint analysis (this is staff being developed at Watson 
labs by Marco Pistoia & Co)
2) Several players in this field plan to offer source code analysis as a 


Marco Morana

----- Original Message ----- 
From: "Andre Gironda" <andreg at gmail.com>
To: <owasp-leaders at lists.owasp.org>
Sent: Friday, March 06, 2009 12:49 PM
Subject: Re: [Owasp-leaders] IBM/Rational Static Analysis

> On Fri, Mar 6, 2009 at 8:46 AM, McGovern, James F (HTSC, IT)
> <James.McGovern at thehartford.com> wrote:
>> Anyone here ever looked into the IBM/Rational offering around static
>> analysis? IBM may have a strategy to bundle with other products 
>> effectively
>> making static analysis free for larger enterprises.
> John Steven wrote a bit on IBM AppScan DE -
> http://www.cigital.com/justiceleague/2009/01/22/let-the-posturing-begin/
> Jim Manico, Jeff Williams, and I discussed hybrid analysis on OWASP 
> Podcast #8:
> http://www.owasp.org/download/jmanico/owasp_podcast_8.mp3
> Both the above post, as well as the Ounce O2 project are discussed
> (all in the first 10 minutes - you don't even need to listen to the
> whole thing!) ;>
> Cheers,
> Andre
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders 

More information about the OWASP-Leaders mailing list