Friday, January 11, 2008

HP to purchase Fortify?

So HP has moved forward with the purchase of SPI Dynamics, which seems to be a good fit. However, with its newfound capability of providing web application security for the SDLC, would it not benefit HP to pull in a more robust solution for the source code scanning initiative?

While SPI/HP does provide a robust offering in DevInspect (a source code analysis and blackbox testing solution), the solution is still behind the 8-ball when it comes to true source code analysis technology. Now, keep in mind that history has indeed shown that the Fortify solution does present a terribly large number of "theoretical" vulnerabilities; however, the combination of Fortify's source code analysis with SPI/HP's blackbox testing would be a huge step forward for everyone.