What’s Your Security Story? - SD Times On The Web

RSS FEEDS

ADVERTISER
LINKS

activePDF

Alexsys

InstallAware Software

Programmer's Paradise

AS OF 5/17/2008 5:46AM EST

What’s Your Security Story?
A look at what some of the major companies are doing
By Jeff Feinman

August 1, 2007 — So, where’s the chain reaction?

Many in the industry, analysts and pundits alike, agreed that the acquisition agreements announced in the past two months involving Watchfire (by IBM) and SPI Dynamics (by HP) would spark more consolidation in that space.

However, as many turned their eyes to other industry big dogs such as Microsoft and Oracle, the security acquisition front has remained quiet. Some of the companies have taken their own approach to dealing with security at the developer level, either creating original tools or allowing plug-ins for third-party offerings.

Microsoft offers security tools in its Visual Studio Team Suite, including Static Code Analyzer, which can automatically perform code reviews. For different projects, developers can select from the different rules run by Static Code Analyzer. Visual Studio also includes check-in policies to help ensure consistent code quality. These policies can be set to analyze code and execute test cases.

Borland Software is taking the approach of allowing plug-ins of security analysis tools to its build and test automation system, Gauntlet. The tool can handle plug-ins for security tools such as Cenzic’s Hailstorm and Fortify’s Source Code Analysis Software.

“I don’t think Borland is at the point yet where we’ve looked at acquiring somebody in this space because there are so many different vendors focused on different aspects of security,” said Marc Brown, director of product marketing for Borland. “I think the first thing we need to do is ensure that our Open ALM strategy is realized by making sure customers are looking at different types of security analysis technologies and can use those effectively in our ALM suite.”

When asked how Borland’s technologies could measure against an acquisition of a full security company, Brown said the critical thing for the company is its ability to allow organizations to use any tool with

its ALM platform, which doesn’t prevent someone from using SPI Dynamics or Watchfire technologies with Borland’s suite.

As for the popular IDE offered by Eclipse, there are not any projects in the works around developer security, according to Ian Skerrett, director of marketing for the Eclipse Foundation.

Despite repeated requests, Sun and Oracle would not provide comment for this story.

EMAIL THIS ARTICLE

SEND FEEDBACK

MORE NEWS

(NEW!)

SUBSCRIBE TODAY

E-Newsletters:

News on Mon/Thurs.
Test & QA Report
EclipseSource

SUBMIT

CUSTOMER SERVICE

Download Current
Issue Now!

ISSUE 5/15/2008 PDF

Need Back Issues?

DOWNLOAD HERE

Moving? Take
SD Times With You!

CHANGE ADDRESS

EVENTS CALENDAR

IDUG (International DB2 Users Group)
5/18/2008 to 5/22/2008
Dallas
IDUG

BREW 2008
5/28/2008 to 5/30/2008
San Diego
Qualcomm

RailsConf
5/29/2008 to 6/1/2008
Portland
O'Reilly Media

IBM Rational Software Development Conf.
6/1/2008 to 6/5/2008
Orlando
IBM Rational

TechEd 2008 Developers
6/3/2008 to 6/6/2008
Orlando
Microsoft

MORE EVENTS

SD TIMES 100

5th Annual SD Times 100

It's time once again to
recognize the organizations
or individuals that have
demonstrated leadership in
their markets.

GET NOTIFIED

On the latest white papers,
software downloads. Web
seminars and conferences.

Submit