What we announced at JavaOne was the Parasoft Application Security Solutions. Needless to say, Parasoft has always had security baked into its products. What we've done in this release is provide much more security-based analysis with configurable rules-based analysis based on business demands. Beyond that, from a Parasoft perspective, what we've done is develop a defect-prevention, error-prevention program for security. It's about aligning developer workflow with security language so you can be more productive.
How does that work?
Let's say you have a specific policy defined in your organization that you want to be PCI-compliant, plus you have other rules in your organization around security, quality, reliability, maintainability that you want to monitor. So in a code review process, you want certain artifacts to drop in a peer set at the same time. When that does drop, the package of all this data coming together, it's very critical and there's a lot of it. Our security section translates business semantics into technical help so when the developer knows we're supposed to be PCI-compliant, it's not just a rule that is kind of a generic rule -- these are all generic rules -- it's the encapsulation of what that means to the business that is important. So the special security section allows the developer or the peer code reviewer or the code review session to focus on security. That raises the security IQ of the organization.
Is it the security domain people who are using this or is it the people working on policy management?
It's both. This is where it gets interesting. Over the last three to four years, we've seen investment and startups for audit tools. They've been successful in selling an audit solution to someone like a CSO. What happens, though, is that the audit solution once it is run against the code base or an application suite, it's really good at checking for security vulnerabilities. But how do you remediate that?
What Parasoft does is prioritize tasks to help them remediate. For example, you might have a class that has a problem. That goes to the top of the developer's task list so when he comes in the next morning he sees it and knows he has to fix it. From a code review process, that all gets bundled together to show that the developer has violated security rules and you can review that. One of the biggest problems we've found with security is not that developers don't want to do it. It's that they don't know what's required. So automating the policy process that is usually developed by the CSO and getting it back down on the developer desktop is something we're really pushing for security.
Does this link up with your SOAtest product?
When we go into customers, the questions are more about audits and standards. These things have gotten much more granular in the last 18 months with the new standards because now you have to be PCI-compliant. You have to pass the audit or it will take money out of your pocket. So you've got to actively monitor these things.