IBM just released a new version of AppScan Standard Edition that tests rich, Flash-based Web content and applications, along with AJAX, SOA, and other Web 2.0 content. 

In the past, Watchfire, now a part of IBM, predominantly sold AppScan to security experts including penetration testers and ethical hackers. Mike Weider, former CTO of Watchfire and now IBM Rational's director of  security solutions, said as application security has become a greater concern, the scope of users has gotten larger. But does that mean your average joe developer will know what's going on when AppScan starts blowing in vulnerability reports and bug findings? That's something IBM focused on with this release. 

"Users now include developers and quality assurance people who aren't necessarily trained in application security," Weider said. "So we spent some time in this release on trying to take the knowledge of a security expert and productizing it to help them be able to better leverage the output of our product. Our research showed that about 80% of the time, interacting with the product was spent on analyzing the output. They'd spend 20% of the time using the tool to find problems, and 80% of the time figuring how to validate these problems."

The result is Results Expert. IBM created a technology that puts in the knowledge of a security experts to help walk the user through AppScan's findings, and help them make decisions about what issues are of higher priority. Whether or not that will help development experts master security remains to be seen.