Getting a handle on application security vulnerabilities is the idea behind services and products from HP and IBM announced this week.
HP announced a consulting service, based on analysis by HP security experts, intended to uncover latent or undisclosed vulnerabilities in applications or systems through a review process that would commence as early as the architectural design phase, says John Diamant, HP secure product development strategist.
"This is a look at the application and where it would be deployed, why it's being deployed, and we conduct architectural threat analysis," Diamant says, with the goal of building resiliency and significantly reducing the problem of vulnerabilities through secure development practices.
While HP is not disclosing how it would price this consulting service, there are several thousand HP security experts trained and ready for these kinds of assignments, Diamant says.
Separately, IBM this week introduced an updated product, AppScan Source Edition 7.0, a scanning tool generally used to catch vulnerabilities in applications before they go live.
Based on the product IBM gained through its acquisition of Ounce Labs last year, AppScan Source Edition 7.0 includes "new ways to triage issues," says David Grant, compliance marketing director at IBM Rational. IBM also announced source-code assessment services to identify and resolve application security issues, and what IBM calls its secure engineering framework as a guide to development practices.