A recipe for security success, don't forget the HP sauce

London's InfoSec show is not so far away, so what better excuse for a security-themed ramble or two? You may have seen last week's news on news on ZDNetUK detailing the fact that Fortify Software has recently worked with HP to develop a new approach to hybrid security analysis technology for testing web applications.

The space-age-style named Hybrid 2.0 product sets out to enable teams across a web application lifecycle to improve visibility into security risks through advances in correlating static and dynamic testing results. Connecting penetration test team results directly to source code analysis is argued to reveal hidden vulnerability relationships and expose their root cause.

It's a nice story and it deserves some interest I'd say. But it did get me thinking about the particular set of adjectives, buzzwords and promotional phrases we tend to see in this sector of technology. I mean, security technology has a lingua franca all of its own doesn't it?

The perfect recipe for a security announcement appears to be a large portion of visibility, some deep testing penetration, three ounces of robust provisioning, a slice or two of integrated holistic solutions, two spoonfuls of unparalleled insight and dynamic testing analysis, a sprinkle of risk reduction measures and possibly even a small drizzle of Business Technology Optimization.

Cooking analogies aside, Fortify doesn't do a bad job of telling it pretty straight – and I do like this subject as I write on web design when I'm not writing about software app dev. When I hear about a technology that actually addresses Web Developers rather than Web Designers I am always extra interested.

It seems to be one of the least 'on the radar' roles in the firing line for technology news and I think that's weird – as I hear the Internet is really catching on and we need more people to build it properly.

NB: HP PR, you don’t call, you don’t write. Don’t you make software then?