Initially, both will focus on cross-selling an integration module that provides a unified dashboard of security defects in software apps to existing joint customers.

Then they will focus on cross-selling to customers who have one product but not the other. Further down the road, they will add more back-end integration, where defects uncovered in one product can be used to trigger a drill-down in the other.

The rationale is that Fortify Systems dissects code at development time, while Watchfire’s tool acts as an ethical hacker once code is on either a staging or a production server.

The idea is that whatever one tool doesn’t uncover, the other will, and that two heads are better than one. In practice, the two security tests tend to be performed by different players at different points in the software life cycle.

While Fortify’s customer base is heavily concentrated in application development, Watchfire’s tools are generally used by QA or security specialists who may report to different branches of the IT organization.

In many ways, the challenge is akin to what BMC is facing with its recent Identify Software acquisition. While BMC’s performance management tools monitor apps in production, Identify’s black box is trained on apps flagged as troublesome to identify bad threads or similar problems.

While in theory these sound like two aspects of the same problem (application performance), BMC’s tools have typically been consumed by the data center folks, whereas Identify has found its primary niche with development groups.

Back to Watchfire and Fortify Systems: both are soon to announce their alliance. Out of the gate, they will have a front-end integration module that feeds results from both tools to a common application security dashboard.

Later on, they plan back-end integration, where a problem uncovered by the Watchfire ethical hacker could then be used to trigger a deep dive into the Fortify tool, which would uncover the offending source code. They haven’t yet placed a target date on the back-end features.