IBM Delivers New Software to Advance Security Analysis

Organizations can now use multiple analysis techniques simultaneously to discover potential software vulnerabilities
PR Newswire

ARMONK, N.Y., Dec. 03, 2010 /PRNewswire/ -- IBM (NYSE: IBM) today announced new software and analysis capabilities that provide a more efficient and accurate way to help organizations design, build and manage secure applications.

The new software consolidates software vulnerability analysis and reporting into a single view across the enterprise. Developers can now assess security threats across the entire software development lifecycle, enabling global development teams to easily identify and test security exposures, and help reduce the risks and costs associated with security and compliance concerns.

For example, organizations can use the software to automate application security audits and source code scanning to ensure that the network and Web-based applications are secure and compliant. This delivers improved accuracy of vulnerability identification and remediation.

The new security offerings include enhancements to the IBM Rational AppScan portfolio that further simplify security vulnerability analysis and identification for software developers. As part of the new features, IBM Research provided string analysis, a software development capability that helps simplify the security testing process by automatically detecting and verifying which Web application development input needs to be cleansed to remove security risks. This capability helps accelerate the accuracy and efficiency of security testing by the development community, regardless of their security expertise.

As cited in IBM's 2010 mid-year X-Force Trend Report, 55 percent of all vulnerabilities come from Web applications, making them the greatest source of risk for organizations. The research indicates that computer security threats rose by 36 percent in the first half of 2010, resulting in more than 4,000 new vulnerabilities being documented compared to last year.

Simplifying Adoption of End-to-End Application Security

Web applications are often vulnerable due to a lack of built-in security. To reduce these risks, organizations need to implement security strategies that ensure applications are designed securely across the entire development lifecycle, from start to finish. Finding ways to extend security analysis across more testers in the security process and employing multiple testing techniques will result in higher-quality and more secure applications.

"As vulnerabilities become more prevalent, testing across the entire development lifecycle without having to invest in additional development resources and skills is significant for the bottom line," said Steve Robinson, General Manager, IBM Security Solutions. "Through the ongoing value brought by the acquisitions of Ounce Labs and Watchfire Corp., combined with our R&D expertise, we can now provide more comprehensive security governance, collaboration and risk management solutions that further protect organizations from malicious attacks."

New Capabilities to Strengthen Security

The new advancements in the IBM Rational AppScan portfolio simplify and automate security scanning with new hybrid analysis capabilities, improving vulnerability identification and remediation. The hybrid analysis provides automated correlation of results from static code analysis and dynamic analysis to increase vulnerability identification in automated software.

New enhancements to the IBM Rational AppScan portfolio include:

    --  Consolidated View of Vulnerabilities: Hybrid Analysis Reporting provides
        automated correlation of results discovered by static code analysis and
        dynamic analysis and improves the accuracy of the results that are
        provided to development for remediation. This visibility is an
        enhancement to Rational AppScan Enterprise Edition and enables
        organizations to take a strategic approach for addressing Web
        application security, while providing teams with visibility into the
        regulatory compliance risks of an organization. Automated correlation of
        results is initially available for Java.
    --  Broader Scanning Access Identifies Blind Spots: Hybrid Analysis Scanning
        enables the simultaneous application of static code analysis and dynamic
        analysis testing to identify more vulnerabilities than were previously
        detectable by software. Provided as an extension to Rational AppScan
        Standard Edition, this supports JavaScript and provides scanning access
        to areas that were previously blind spots for organizations.
    --  Security Assessment Process Simplified: String Analysis, a key
        enhancement to Rational AppScan Source Edition, enables the adoption of
        application security testing for the development community. String
        analysis simplifies the security testing process by automatically
        detecting what code is meant to cleanse user input in Web applications
        and verifying that it is coded properly. This ability to simplify the
        security assessment process allows for expedient and accurate testing of
        code so development teams can continue to focus on delivering
        applications within tight time constraints.
    --  Multiple Frameworks Supported: Extensible Application Framework is
        another innovation in Rational AppScan Source Edition that provides
        greater visibility and data flow analysis into commercial, open source,
        and in-house developed Web application frameworks.  The ability to
        support any existing or customized framework is critical to testing
        coverage and accuracy of application code.

In addition, IBM announced support for the federal security protocol CAC/PKI for the IBM Rational Software portfolio. The CAC/PKI protocol enhances the ability of governments globally to prevent unauthorized access to physical and digital environments, which compromises the security of military and national initiatives. IBM provides a full range of services for the detailed design, development and implementation of smartcard/biometrics and CAC/PKI implementations as part of the efforts to deliver full software lifecycle support of CAC/PKI and other security protocols.

IBM Security Solutions include an extensive portfolio of hardware, software solutions, professional and managed services offerings covering the spectrum of IT and business security risks, including: people and identity, data and information, application and process, network, server and endpoint and physical infrastructure. IBM Security Solutions empowers clients to innovate and operate their businesses on highly secure infrastructure platforms.

For more information on IBM Security Solutions, visit: www.ibm.com/security.



    Contact Information:
    Mary Rose Greenough
    IBM Media Relations
    617-784-7227
    mary_rose_greenough@us.ibm.com

SOURCE IBM
