Fortify the dynamic enterprise with static code analysis tools

Nadhan on ‎09-04-2013 12:37 PM

Security is what I had in mind when I started teaching my daughter driving recently. I explained all the steps that a good, secure driver must take before setting the vehicle in motion, while it is static – at rest. These are really simple steps, such as ensuring that the mirrors are positioned properly and the turn signals are functioning, yet they are also powerful life-saving steps once the vehicle is in motion. Applications are like cars in many respects. Therefore, enterprises should take a similar approach before putting their applications in motion. It is much easier to take precautionary measures by scanning the source code for vulnerabilities – well before running the binary code. Simple techniques, such as visual inspection, have proven powerful in the past. Imagine having a tool that automates such techniques, executes them faster, and runs in parallel with software development. Well, you don’t have to imagine any longer!



So, what are the key characteristics that best define a static code analysis tool?

1. Coverage: It is important that the generated information addresses potential issues across multiple application paradigms, including mobile, web and client-server applications.

2. Duration: Source code assessments to identify vulnerabilities must be effective and fast. Scalable solutions in the Cloud can be leveraged to that end.

3. Assurance: Accuracy of the identified vulnerabilities is a defining aspect of such tools. You don’t want application development teams chasing a nuance that seems vulnerable but turns out to be a false alarm.

4. Impact: Security measures employed during software development should minimally impact the software development timeline while ensuring a secure product at the end.

5. Partnership: Static code analysis is one of the instruments used as part of the overall risk management strategy for the enterprise. Enterprises must work with trusted partners across the application life cycle to anticipate security vulnerabilities and take proactive measures upstream, during every phase of the SDLC.

These are the critical aspects of a type of tool that can effectively address static code analysis in your enterprise.
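To make the "Assurance" point concrete, here is a small added example (written for this page, not HP Fortify's code or anything from the original post) of what separates an accurate source scan from a false alarm. It uses Python's standard-library `ast` module to flag database `execute()` calls whose query text is assembled at runtime, and compares that with a naive text search over the same file. The sample source being scanned is constructed for the example; the function names `ast_findings` and `naive_findings` are the example's own.

```python
"""Contrast an AST-based check with a naive text search for SQL built at runtime.

Added example, not HP Fortify code. The sample source below is constructed
so that only two of its execute() calls actually build a query from data.
"""
import ast
import re
from typing import List

# Constructed sample source to scan (line numbers start at 1 on the blank line).
SAMPLE = '''
import sqlite3

def lookup(conn, user_id):
    cur = conn.cursor()
    cur.execute("SELECT * FROM users WHERE id = ?", (user_id,))  # parameterised
    cur.execute("SELECT * FROM users WHERE id = " + user_id)      # concatenation
    cur.execute(f"SELECT * FROM users WHERE name = '{user_id}'")  # f-string
    cur.execute("SELECT COUNT(*) FROM users")                      # constant
    # cur.execute("DROP TABLE users WHERE id = " + user_id)
    return cur.fetchall()
'''


def _is_dynamic_string(node: ast.expr) -> bool:
    """True if the expression builds its string from non-constant parts.

    Conservative: anything that is not a literal, an f-string without
    placeholders, or a combination of such literals is treated as dynamic.
    """
    if isinstance(node, ast.Constant):
        return False
    if isinstance(node, ast.JoinedStr):  # f-string
        return any(isinstance(v, ast.FormattedValue) for v in node.values)
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        return _is_dynamic_string(node.left) or _is_dynamic_string(node.right)
    return True  # names, calls such as .format(), and other expressions


def ast_findings(source: str) -> List[int]:
    """Line numbers of execute() calls whose first argument is built at runtime."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if (
            isinstance(node, ast.Call)
            and isinstance(node.func, ast.Attribute)
            and node.func.attr == "execute"
            and node.args
            and _is_dynamic_string(node.args[0])
        ):
            hits.append(node.lineno)
    return sorted(hits)


def naive_findings(source: str) -> List[int]:
    """Text search: any line with execute( followed by +, f" or % on the same line."""
    pattern = re.compile(r'execute\(.*(\+|f"|%)')
    return [i for i, line in enumerate(source.splitlines(), 1) if pattern.search(line)]


if __name__ == "__main__":
    print("AST-based findings:  ", ast_findings(SAMPLE))    # [7, 8]
    print("Naive text findings: ", naive_findings(SAMPLE))  # [7, 8, 10]
```

The AST-based check reports lines 7 and 8 (string concatenation and an f-string); the parameterised call on line 6 and the constant query on line 9 are left alone. The text search reports the same two lines but also line 10, which is a commented-out line that never executes: exactly the kind of false alarm that sends a development team chasing a non-issue. Real tools go much further (tracking data flow across functions and files), but the principle is the same: a scanner that understands program structure rather than text is what makes its findings trustworthy.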

Keeping these in mind, please take a close look at what Alastair Stevenson has to say about the latest release of HP Fortify Static Code Analyzer in V3 and let me know what you think. You can also attend these sessions at the HP Protect 2013 conference:

As a parent, I care about the security of my children – especially when they are driving their cars. It will be much more difficult to control the outcomes of “breaches” or “violations” once the car is in motion. I would rather be assured that the car is safe even before it is started.

Newton immortalized the laws of motion. How does this sound to you as Nadhan’s Law of Secure Applications:

Applications must at least be secure at rest for them to be secure when in motion.

What measures are you taking to assess the security of your applications at rest? Would you be attending the Fortify sessions at HP Protect 2013? Is your car secure at rest? Are your applications secure in motion? Do you have a second law for secure applications? Please let me know.


Team up with HP Technology Expert, E.G.Nadhan


Connect with Nadhan on: Twitter, Facebook, Linkedin and Journey Blog.