HOME ALL STORIES LATEST NEWS COLUMNS OPINIONS EDITORIALS GUEST VIEWS SHORT TAKES DATA WATCH SPECIAL REPORTS ZEICHICK'S TAKE SD TIMES 100 EDITORS' BLOG

RSS FEEDS

FACEBOOK

TWITTER

WHITE PAPERS SPONSORED PROFILES JOB BOARD WEBINAR CENTER FREE SOFTWARE BZ RESEARCH ALMSHAREPOINT EVENTS CALENDAR PRINT/PDF EDITION PRINT/PDF BACK ISSUES

SUBSCRIBE TODAY CUSTOMER SERVICE EDITORIAL CALENDAR EDITORIAL BEATS GUEST VIEW GUIDE SD TIMES 100 GUIDE EVENTS CALENDAR ADVERTISING ARTICLE REPRINTS REPORT A BUG SITE MAP

ABOUT US BZ MEDIA NEWS BZ RESEARCH SYSMANNEWS SPTECHCON ESDC IPHONEDEVCON PRIVACY POLICY CONTACT US

Printable version

HOME >> LATEST NEWS

Most Read Latest News Blog Resources

Mono brings .NET to Android
At Microsoft MIX, Mono will unveil the ability to port .NET applications to the Android op...

Does Windows cost Microsoft opportunities?
Microsoft's decision to focus .NET on Windows is stifling innovation due to the specter of...

OSBC focus turns to best practices for open-source adoption
Businesses are no longer asking why they should adopt, but how do they use open source leg...

Maven Studio for Eclipse gets developers up to speed
Sonatype tool simplifies onboarding by giving developers a way to easily deploy fully conf...

nVidia updates CUDA tools
Latest version helps developers turn desktops and servers with high-end GPUs into more pow...

Scrum Planning Board adds automation to Axosoft OnTime
Illustrations are also included to assist Scrum-using developers a better view of what the...

Google Code turns 5
Google Code Turns 5, and adds a Paxos Algorithm to make the system more stable and reliable.

Test your Visual Studio 2010 know-how
Microsoft is offering free beta certification exams for Visual Studio 2010.

Microsoft lifts the hood on IE9
Microsoft is previewing IE9.

Overcoming Development Challenges with Open Source Open source software can help you with your application development challenges. It doesn’t...

Accelerate Services and the Cloud Business units, functional groups, and different divisions of companies across industries...

Enterprise Mashup Platforms for Today’s Increasingly Complex and Real-Time Context Enterprise Mashups offer your company a new way to connect data from inside and outside yo...

Technorati

Digg

Slashdot

Facebook

Friendfeed

Twitter

del.icio.us

Whats Your Security Story?

A look at what some of the major companies are doing

By Jeff Feinman

August 1, 2007 —

So, where’s the chain reaction?

Many in the industry, analysts and pundits alike, agreed that the acquisition agreements announced in the past two months involving Watchfire (by IBM) and SPI Dynamics (by HP) would spark more consolidation in that space.

However, as many turned their eyes to other industry big dogs such as Microsoft and Oracle, the security acquisition front has remained quiet. Some of the companies have taken their own approach to dealing with security at the developer level, either creating original tools or allowing plug-ins for third-party offerings.

Microsoft offers security tools in its Visual Studio Team Suite, including Static Code Analyzer, which can automatically perform code reviews. For different projects, developers can select from the different rules run by Static Code Analyzer. Visual Studio also includes check-in policies to help ensure consistent code quality. These policies can be set to analyze code and execute test cases.

Borland Software is taking the approach of allowing plug-ins of security analysis tools to its build and test automation system, Gauntlet. The tool can handle plug-ins for security tools such as Cenzic’s Hailstorm and Fortify’s Source Code Analysis Software.

“I don’t think Borland is at the point yet where we’ve looked at acquiring somebody in this space because there are so many different vendors focused on different aspects of security,” said Marc Brown, director of product marketing for Borland. “I think the first thing we need to do is ensure that our Open ALM strategy is realized by making sure customers are looking at different types of security analysis technologies and can use those effectively in our ALM suite.”

When asked how Borland’s technologies could measure against an acquisition of a full security company, Brown said the critical thing for the company is its ability to allow organizations to use any tool with

its ALM platform, which doesn’t prevent someone from using SPI Dynamics or Watchfire technologies with Borland’s suite.

As for the popular IDE offered by Eclipse, there are not any projects in the works around developer security, according to Ian Skerrett, director of marketing for the Eclipse Foundation.

Despite repeated requests, Sun and Oracle would not provide comment for this story.

Share this link: http://www.sdtimes.com/link/30988

RSA keynote: Lack of security in the cloud breeds distrust Experts say that until cloud security standards mature and are adopted more widely, adoption will be tepid

Fortify, HP give hybrid view of app security By correlating results of dynamic testing and static code analysis, Hybrid 2.0 offers improved vulnerability resolution

Application security, IBM style Jack Danahy, founder of Ounce Labs, discusses acquisitions by IBM and what he sees in the security space

Add comment

Name*
Email*
Country

Comment
Preview

News on Monday
more>>
SharePoint Tech Report
more>>

Download Current Issue
ISSUE 3/15/2010 PDF

Need Back Issues?
DOWNLOAD HERE

Receive the print Edition?

Google Code turns 5
Google Code Turns 5, and adds a Paxos Algorithm to make the system more stable and reliable.
03/17/2010 11:16 AM EST

Test your Visual Studio 2010 know-how
Microsoft is offering free beta certification exams for Visual Studio 2010.
03/17/2010 11:08 AM EST

Microsoft lifts the hood on IE9
Microsoft is previewing IE9.
03/16/2010 01:10 PM EST