Software Integrity

 

Alphabet soup: SAST, DAST, IAST, and RASP explained

Turns out that the most important part of a software security initiative is FIXing the bugs that you FIND no matter how you find the bugs. So just what do all of the alphabet soup tools do? How do they help you fix what you find? And how do they scale? FWIW, tools of all kinds are essential to software security.

We recently expanded our capability to sweep entire software portfolios through the acquisition of iViZ and its integration with our Assessment Center. The main reason to mention this is to emphasize that any such approach must focus on helping developers actually fix defects.