IBM Innovate has given me all kinds of opportunities to speak with IBM’s top execs and hear the latest news and announcements in their Rational product line. I spoke today with Jack Danahy, Security Executive Office for the Office of the CTO, Rational at IBM.
Danahy was the original founder and CEO of Ounce Labs, sold to IBM in July of 2009. The software developed at Ounce Labs provided the static analysis, “testing from the inside.”
Danahy gave me a bit of history of application security testing to explain the acquisition of Ounce Labs and the value of Rational’s AppScan product to the customer. “Security has always been a niche,” said Danahy. In the Internet’s early years firewalls were used for security. Then the applications themselves had to step up and be tested for security, looking for vulnerabilities and exposures. There are a limited number of folks who are really good at that, and there weren’t enough “good at security personnel” to cover everything. Watchfire was acquired into the IBM Rational portfolio a few years ago and was very thorough in testing as a hacker would, “from the outside,” Danahy explained.
Customers want to know the system is configured the right way and is not vulnerable to external threats. They also want to look at the source code and find security gaps that can be addressed earlier in the development lifecycle. “The capacity to look at the software from the inside out and from the outside in” provides the most value for the customer, giving them a unique perspective.
In this video, Danahy announces Rational AppScan Source Edition, which will enable customers to go to one place for security test results. IBM is also talking about strategies that will allow customers’ applications to be “secure by design.”
The updates to AppScan were one of four announcements made by IBM today related to their “secure by design” initiative. IBM also announced enhancements to Tivoli Access Management, a Source Code Assessment Service and a Secure Engineering Framework.