Software developers know all too well the pain of finding and fixing security holes. To help make the process easier, HP has teamed with Fortify to develop a new tool that will offer both static and dynamic code analysis.
Developer.com takes a look at the new offering, which is expected to hit the market later this year.
Detecting and fixing vulnerabilities in software can often be a complicated process. To help streamline that process, HP has come together with code analysis vendor Fortify to combine the benefits of dynamic and static code analysis.
HP (NYSE: HPQ) and Fortify have dubbed their solution Hybrid 2.0, as it is technology that leverages applications from both vendors and bridges the gap between penetration testing and vulnerability root-cause analysis within source code.
“Hybrid 2.0 brings together static analysis, the inside-out view, with dynamic analysis, the ‘outside-in’ view, and taking it to a new level,” Jeff Morgan, product manager at HP software, told InternetNews.com. “We’re actively linking dynamic and static processes through some new and unique technology, and that will drastically increase what we can do.”
Specifically, the joint solution involves HP Assessment Management Platform (AMP), Fortify Source Code Analysis (SCA) and Fortify Program Trace Analyzer (PTA) working together to connect penetration test results directly to source code analysis results.