Zeichick's Take: Who's Got the Security Tools?
June 21, 2007 —
(Page 1 of 2)
The software security tools market has been ripe for picking, for two reasons:
• We had a lot of small, privately held companies developing exciting, but in many cases, overlapping, technology, but those companies had trouble finding customers and going to market. Their exit strategy is to be gobbled up by a big fish.
• The big fish were significantly behind the times when it came to integrating security into their developer tools. Their business models favor buy-it instead of build-it for this type of technology, but they weren't buying.
Until recently, that is. Until this month, none of the big fish, like IBM Rational, Mercury (now part of HP), Microsoft, Oracle, Sun or Borland/CodeGear, had integrated security as part of their IDEs, test/QA tools or application life-cycle suites. The notable exception has long been Compuware, with its DevPartner SecurityChecker. It's only been a matter of time before the fish started munching, and frankly, I expected the feeding frenzy to start quite a while ago.
The dam broke a couple of weeks ago, when IBM announced the acquisition of Watchfire. On Tuesday, we had the second big move, as Hewlett-Packard said it will buy SPI Dynamics.
This is only the start. Microsoft needs to incorporate a top-quality security solution into Visual Studio Team System, encompassing not only the edition for software testers, but also the editions for architects and developers. This is a glaring weakness. While Microsoft could build the functionality itself (as it did with the other ALM tools in Team System), it would do better buying one of the existing players, and that's what I think the company will do.
Oracle is in a similar situation: It also doesn't have software security functionality, either baked into its tools or as standalone offerings. It's hard to predict what Oracle will do, whether it will build it, buy it or ignore it.
Borland and its CodeGear subsidiary are also behind the times. Software is a core part of the application life cycle, but there's no specific security offering in the Borland pantheon, even in its Silk and Gauntlet tools. As with Microsoft, Borland could build or buy, but I expect the company to buy it. I hope whatever it does gets baked back into the CodeGear IDEs; that's where software security belongs, as tightly integrated into the developer desktop as spellcheck is integrated into a word processor.
Share this link: http://sdt.bz/30759
Most Read Latest News Blog Resources
Taking enterprise architecture to the business side
Startup Corso is bringing out a cloud-based planning platform that ties into business plans
|
|
From the Editors: Node.js is unruly, but that’s where the fun is
The time to get involved with Node.js is now; Hadoop is about to break its own barriers
|
|
Top five apps to manage your workload
Web applications offer new ways to track your “to-do” lists
|
|
Zeichick’s Take: Looking for the best of the best of the best
It's time once again for readers to send in nominees for the SD Times 100
|
Taking enterprise architecture to the business side
Startup Corso is bringing out a cloud-based planning platform that ties into business plans
|
|
Top five apps to manage your workload
Web applications offer new ways to track your “to-do” lists
|
|
Not so fast when it comes to testing in the cloud
Developers face outsourcing, virtual lab management and mobile devices as obstacles
|
|
Xceed releases UX-focused suite for Microsoft’s WPF
"Blendables" helps match user experiences to developer visions
|
Agility, mom, and apple pie
If we're to evaluate the state-of-the-art in software development, we should start with the values espoused in the Agile Manifesto.
|
|
RIM woos developers with free tablet
How do you get more apps ported to the BlackBerry PlayBook? By giving every developer a free tablet, of course!
|
|
GitHire: Use Headhunters to Find Your Perfect Programmer
Are you a hiring manager tired of scouring the job boards? Check out this new service that will find 5 people interested in your jobs.
|
|
Facebook claims hacker cred
Facebook's SEC S-1 filing form includes a short essay on the Hacker Way by Mark Zuckerberg himself.
|
The Hidden Costs of Software Licensing
Moving beyond paper-based software licensing to more flexible, software-based licensing is a business decision. There is a growing trend tow...
|
|
Case Study: You May Need a Development Mechanic
As a contractor for a major financial player in Germany, SOBEGE, a German-based consultancy specializing in embedded IT and web services, wa...
|
|
Ensuring Software Quality at a Major International Bank
One of the world’s leading international banks has adopted AgitarOne technology for delivering generated unit tests for their Java software...
|
|
Load Testing Adobe Flex Applications
Adobe Flex applications may be different from applications you’ve worked with before. For classic HTML web applications, the server does all...
|