Posted by Gary McGraw on November 7, 2014
Turns out that the most important part of a software security initiative is FIXing the bugs that you FIND, no matter how you find them. So just what do all of the alphabet soup tools do? How do they help you fix what you find? And how do they scale? FWIW, tools of all kinds are essential to software security.
Read my new SearchSecurity article about alphabet soup: http://sws.ec/1EoMgCd
We recently expanded our capability to sweep entire software portfolios through the acquisition of iViZ and its integration with our Assessment Center. The main reason to mention this is to emphasize that any such approach must focus on helping developers actually fix defects.