With the acquisition of Fortify Software by Hewlett-Packard this week, it’s clear that the major vendors are beginning to zone in on application security.
As attacks across the security landscape shift toward applications and away from operating systems and the network perimeter, responsibility for security is increasingly shifting toward developers.
Although Fortify has been a long-time partner of HP, Subbu Iyer, senior director of products for HP Software, said HP felt that the need to bring security and application development teams closer together created a requirement to bring Fortify’s products inside the HP portfolio.
The challenge, said Iyer, is that even when security teams identify issues, there’s no easy process by which those problems can be identified and remediated within the application quality control process.
As companies such as HP and IBM work to solve this issue, however, they are likely to find that relative upstarts such as Coverity and CAST Software are already addressing the issue from a perspective of quality control. Coverity, which recently partnered with Armorize Technologies, is capturing application security data and identifying them as defects during the application development process. CAST Software, meanwhile, includes security issues as part of its tools for analyzing ERP applications.
The end result is that a lot more security issues begin to be addressed during the development process, rather than after the fact.
Unfortunately, it may take a while before IT organizations can alter their processes to take into account new approaches to application security. But as IT organizations address application security issues within the context of the application development process, it means that major improvements to application security and quality are finally in the offing.