IBM takes Rational approach to apps security

IBM is today showing off new software which it claims will help firms reduce the costs associated with detecting security problems in their applications, and ease ongoing application compliance.

The firm said that its new Rational AppScan Developer Edition was designed to be used at the very earliest stages of software development, adding that this would save businesses from costly reactive measures or embarrassing security breaches.

For example, IBM said that it would help firms comply with industry staples such as the Payment Card Industry Data Security Standard, and warned that repairing individual software defects can cost as much as £10,000 (A$22,241).

"Today, only about 10 per cent of organisations are adopting pre-emptive application security measures. We predict that this will reach 80 per cent by 2010," said Scott Hebner, vice president of marketing at IBM Rational Software.

"As an industry, we are responsible for ensuring that security and compliance measures are built in, not bolted on after the software code has already been written.

"With the majority of security threats originating from web applications, it is imperative that businesses take action to lower their risks."

IBM claimed that AppScan Developer Edition allows for static code analysis, which checks source code for potential security vulnerabilities, dynamic black box testing to identify vulnerabilities in the compiled code, run-time analysis, patent-pending string analysis and composite analysis.

AppScan Developer Edition is available now on a fixed-term licence of approximately £13,000 (A$28,914) per seat.