HP and Fortify team up on security tool

HP and software-security specialist Fortify Software have teamed up to help security professionals and developers identify and correct security issues in web applications, the companies announced on Tuesday.

The result of the partnership is a security technology the companies are calling Hybrid 2.0. The technology aims to bridge the gap between static and dynamic software-security vendors, and HP and Fortify say Hybrid 2.0 will provide more accurate and visible analysis of web applications.

Hybrid 2.0 connects penetration-test results directly to source-code analysis results, to expose flaws within the application source code. "Fortify and HP are delivering integrated technologies that enable businesses to more effectively reduce risk associated with insecure web applications," Fortify products chief Barmak Meftah said in a statement.

Dave Harper, services director for Fortify, told ZDNet UK on Wednesday that Hybrid 2.0 aims to improve communication and the flow of results between a business's penetration testing team and their development team.

"The problem is that penetration testing find the problem and send it to the development team, and they don't know what to do with it," Harper said. "They don't deal in URLs; they deal in source code. [Hybrid 2.0] solves the problem. Having something that makes it easier for those groups to communicate is a real advantage."

Fortify and HP are still developing Hybrid 2.0. They expect to make available the full product in the second half of 2010.