
Application security, IBM style



Jeff Feinman
December 31, 2009 (Page 1 of 3)
Jack Danahy, founder and former CTO of Ounce Labs, is now bringing his knowledge of and enthusiasm for application security to IBM. When Big Blue acquired the source code analysis firm in July 2009, Danahy was named security executive in the office of the CTO for IBM Rational. Since then, he’s been helping to weave Ounce’s products into IBM Rational, and he recently spoke with SD Times about how that is being done and what is in store for application security in general.

SD Times: How will IBM be utilizing Ounce’s technologies in the coming months?
Jack Danahy: We benefit from the fact that the group within IBM Rational already knew a lot about application security. This wasn’t just a technology purchased by an organization interested in getting into security. It was the next step in the fulfillment of a strategy that IBM has talked about a lot in terms of improving their ability to treat a wide variety of security problems.

So our first steps over the next few months…involve finding ways in which we can leverage what we have in the source code scanning technology with existing products at IBM, such as Rational AppScan. By existing within the Rational group, we’re finding ways to integrate the technology further and further back within the product development life cycle.

I think the most material thing that will happen short-term will be integrating the presentation of scan results so that customers of either technology, whether they be existing Ounce Labs customers interested in the AppScan family or existing AppScan customers interested in going back to the source code, will benefit.

Describe the transition into IBM and how Ounce’s technology was brought in and meshed with IBM’s current assets.
The main body of the IBM Rational security platform was involved in testing operational systems through penetration testing. They had done some work in advanced platform analysis from a source code perspective, and it was actually that work that led them to the conclusion that IBM customers needed a lot of help in the area. That technology from IBM, which is called Rational AppScan Source Edition, is meant to look at the source code itself as it exists in a development environment or in its own environment. Integrating Ounce with that technology is the first step.


