


Chief Executive Officer, Security Innovation

Security for Application Development Teams

Jun 21, 2007 | 2 mins
Business Continuity, Data and Information Security, Identity Management Solutions

This week HP/Mercury announced its intention to acquire web application scanning tool company, SPI Dynamics. This is on the heels of IBM/Rational announcing two weeks ago intentions to acquire web application scanning tool company Watchfire. I applaud these moves and wonder what took the ALM (Application Lifecycle Management) tools companies so long to make a move.

I have long been of the opinion that the most significant challenge in IT Security is that of application security. I’ve also believed for a long time that the problem will never get solved until it is addressed at the developer desktop (note: I am including testers and other app dev team members in that moniker).

I have watched application security follow the same path as application performance and application reliability before that. It is an aspect of application quality that doesn’t get addressed until there is real pain being felt.

Like performance, companies had to be burned by application security before they took any steps to rectify the problem. And the first wave was a “pull” on education — this is still in process today. Many developers don’t know how to code for security, testers don’t know where or how to look for security vulnerabilities, and the tools that were available were inaccurate time hogs that cost a lot of money and didn’t integrate with the existing software development process and tools already being used. I’m sure this had a lot to do with the slow adoption of source code and web scanning tools. After all, they weren’t being offered by the major ALM players, who were well entrenched in most app dev teams (IBM/Rational, HP/Mercury, Compuware, and Borland).

So now that companies are getting educated on application security and the large ALM vendors (well, the largest two anyway) are acquiring security tools companies, I am more hopeful than ever that we are on our way to addressing more of the application security problem. Of course, both IBM and HP have a history of mangling acquisitions — Godspeed, SPI and Watchfire!! You’ll need it….


Ed Adams is a software executive with successful leadership experience in various-sized organizations that serve the IT security and quality assurance industries. As CEO, Mr. Adams applies his security and business skills, as well as his pervasive industry experience in the software quality space, to direct application security experts to help organizations understand the risks in their software systems and develop programs to mitigate those risks. The company has delivered high-quality risk solutions to the most recognizable companies in the world including Microsoft, IBM, FedEx, ING, Sony, Nationwide and HP.