September 22, 2008
New Software Lowers Risk of Conducting Business on the Web
IBM (NYSE: IBM) today is unveiling new software that helps companies reduce the cost of detecting security vulnerabilities and managing application compliance across their portfolio of Web applications. IBM Rational AppScan Developer Edition software can be used at the earliest stages of software development, allowing organizations to achieve significant cost savings and lower business risks.
With more services moving online, the cost of recovering from a security breach can reach into the hundreds of millions of dollars.* In addition, ensuring compliance with industry mandates such as the Payment Card Industry Data Security Standard (PCI DSS) remains a top of mind issue for many companies. As a result, organizations are looking to protect their applications as they are being built, instead of spending money on reactive measures once they've already been deployed.
For the first time, organizations can test for vulnerabilities from the time an application is developed through after it has been deployed. By scanning software code prior to deployment, information technology (IT) teams can build security and compliance into the software development and delivery process before it poses a real risk to their company or becomes highly costly to fix.
Bug-ridden, poor quality software costs businesses billions of dollars annually** and the cost of identifying and repairing a software defect in a product that is already being used by consumers can cost upwards of $16,000*** for each defect. Recognizing these challenges, IBM is introducing IBM Rational AppScan Developer Edition which brings the power of security testing into the hands of the developer.
"Today, only about 10% of organizations are adopting preemptive application security measures. We predict that this number will reach 80% by 2010," said Scott Hebner, vice president, marketing, IBM Rational Software. "As an industry, we are responsible for ensuring that security and compliance measures are built in, not bolted on after the software code has already been written. With the majority of security threats originating from Web applications, it's imperative that businesses take actions to lower their risks."
IBM Rational AppScan Developer Edition can achieve unmatched coverage and accuracy in detecting potential security issues for Web applications. It is the industry's first solution which includes static code analysis which checks source code for potential security vulnerabilities, dynamic black box testing to identify vulnerabilities in the compiled code, run-time analysis, patent-pending string analysis and composite analysis.
IBM's string analysis helps to solve the biggest challenge plaguing current security code scanning solutions -- false positives. Features for minimizing false positives and providing easy-to-understand results are given higher priority than increasing the breadth of a scan, which can complicate security testing. Collaboration and sharing of configurations and results are a core part of the product, and reuse of a scan configuration helps provide consistent, repeatable scans on each application.
Using IBM Rational AppScan Developer Edition, customers can now "snap-in" security and compliance testing check points into their existing infrastructure, making it easier to incrementally add these features into the software delivery process. For instance, IBM Rational AppScan Developer Edition seamlessly integrates with IBM Rational Application Developer, the top development environment for IBM WebSphere applications.
IBM Rational AppScan Developer Edition is currently available for a fixed term license of U.S. $2,650 per seat.
IBM is the only company to offer security solutions that span across all areas of application delivery, spanning the development, testing, deploying and operational phases. IBM's portfolio for application security also includes: IBM Rational AppScan Standard, IBM Rational AppScan Enterprise, IBM Rational AppScan Tester Edition and IBM Rational AppScan Build Edition. To learn more about the portfolio, please visit: http://www.ibm.com/software/rational/offerings/websecurity/.
*Security breach costs include (but not limited to) fines, security and legal audits, customer lawsuits, PR/brand damage, disclosure fees.
** According to a 2002 report from the U.S. Commerce Department's National Institute of Science and Technology (NIST).
***Applied Software Measurement, Caper Jones, 1996.
CONTACT: Faye Abloeser IBM Communications [email protected] 908-770-0762