Beyond the HP + Fortify Horizon

Following my last blog post, which was meant to look forward more in vision and less in technology, I think it's interesting to start thinking about some of the things that the combined HP + Fortify business can do.  Forget about when it'll happen, which products will merge into what, and who will be doing what ... let's leave the static and dynamic groups as they are and focus on what they could do together.

 

It's no secret that HP has been talking about Hybrid 2.0 (PDF here) and the awesome capabilities of such a technology for a while now ... but how real is that kind of endeavor, and what else can we achieve now that we have the #1 static analysis technology in-house?  Using static analysis to direct dynamic testing is brilliant ... it not only virtually eliminates the shortcomings of each technology on its own but also combines their strengths!

 

Let's look at it this way ... let's pretend you're a structural engineer and you're being asked to certify the structural integrity of a new bridge.  You are being told you can either have the blueprints or go physically inspect the bridge.  That's insane, right?  But up until now, budgets being what they are, many customers have been faced with this challenge when it comes to the security of their web applications.  Not anymore!  Now you're able to use the blueprint (static analysis) to pinpoint the places where you should concentrate your physical (dynamic) inspections to get a complete picture of the bridge in the fastest, safest, and most efficient manner possible.  Brilliant, right?

 

I don't think I'm going to find anyone who will try and argue that the above analogy and concept is a bad idea.  Hybrid 2.0 is a concept people are beating down our gates asking for... but there has to be more to it than this, I asked myself.

 

There most definitely is.  Think about it - you now have some of the foremost minds in static and dynamic security analysis of web-based software.  You put those people in a room and who knows what sorts of previously unknown concepts, ideas and products we'll come up with?  Whether it's enhancements to each other's products, integrations across the platforms, consolidations - who knows!?  The point here is ... there is genius at work here and it's all moving in under the same roof.

 

This is brilliant news for our customers.  We're planning on delivering products and services that actually start to solve the problems that corporate IT is facing.  I've been talking about smashing that security silo for a while now, and I'll be working as hard as I can to make sure we're building our tools, people and processes towards that goal.  Web App Security has been a formal team in corporate IT as long as 7+ years in some places and in almost every organization it's an operational function, running in a silo ... and it's failing.  This has become somewhat of a personal crusade for me - I am living for the day when corporate IT begins to reaffirm web application security as a cross-functional process ... rather than a check-box owned by the security team.  It is happening slowly, in places that "get it" ... but not enough and certainly not fast enough.

 

I think the combined strengths of Fortify plus HP ASC into the new and improved HP Application Security Center will be part of that solution.  I'm confident of that.  Stay tuned... it's going to be a great ride.

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation