Coverity, the software integrity solutions supplier, and Armorize Technologies, a supplier of application security solutions, announced the integration of Coverity Static Analysis and Armorize CodeSecureTM. This partnership is intended to deliver the industry’s first combined solution that unifies quality and security analysis. Together, Coverity and Armorize products will enable development teams to effectively address security vulnerabilities as software code is written. Developers will be able to perform both security and quality analysis at every iteration without having to become security experts or being forced to use security audit tools.
“Despite advances made in software security over the last ten years, there continues to be a disconnect between security and development that creates risk by leaving critical business applications vulnerable to attack,” said Caleb Sima, CEO of Armorize Technologies. “We’ve been forcing developers to adapt to security, but the only effective way to address this risk is to have security adapt to the way developers work. Not the other way around. The Coverity and Armorize integration will be the first step in solving this problem.”
This partnership is designed to provide value to developer and security teams by:
• Unifying quality and security into a combined and integrated solution: Coverity and Armorize will provide the first integrated development and security source code analysis solution.
• Providing actionable security for development: Developers will be more easily able to take action and fix high priority security vulnerabilities and quality defects using their existing development and triage workflow.
• Improving the collaboration between security and development: Will provide security and development with the ability to collaborate on fixing security vulnerabilities with every iteration, without requiring developers to become security experts.
“Developers in more than 900 companies and organizations use Coverity on a daily basis to solve their toughest quality problems and this partnership will enable them to tackle security in the same way,” said Seth Hallem, CEO of Coverity, Inc. “The Coverity and Armorize partnership will make security a part of the day to day process for software development, allowing developers to deliver secure code without having to become security experts, trade off delivery dates, or use security audit tools. We are empowering development to produce secure code working the way they want to work, using the products and process that they want to use. This is a real breakthrough in delivering on our software integrity strategy.”
The planned integrated offering from Coverity and Armorize is intended to provide:
• Project visibility and security policy enforcement to help security teams automatically be notified of active development projects and easily set security policies aligned to the development project goals, type of application, and project-specific standards.
• Continuous quality and security analysis with every code change and iteration and resolution management of both quality and security defects in the developer’s existing workflow.
• Software integrity and compliance reporting for both security teams and quality teams so security experts know when vulnerabilities are fixed and development knows overall state of defect resolution “The notion of application “resilience” and “robustness” spans quality and security issues,” say Research Vice President and Gartner Fellow Joseph Feiman.
Feiman continued by stating, “The proper place for application security testing is in the SLC (software lifecycle) process. Most organizations will prefer to use security testing capabilities when they are integrated with SLC platforms.”
“Coverity is a leader in the software development community and is providing developers a way to detect and resolve defects at the earliest stages of development. The integration with Armorize is a natural extension to Coverity’s capabilities and enables development teams to address security risks as part of the development lifecycle using the products and workflow that they use every day,” said Theresa Lanowitz, founder of voke, inc., an independent analyst firm. “Software integrity needs to encompass quality, security, and safety. This integration is a bold move that puts Coverity into the security arena and showcases Armorize’s developer-centric security products.”
The Coverity and Armorize integrated solution is planned to be released by calendar year-end 2010. For more information or to participate in the beta, visit: www.coverity.com/armorize.