Elemental Compliance System 1.4
Elemental's Richard Hornstein
Are your security policies deployed in technical-spec terms of ports, protocols, and IP addresses? Are they hard to read and adapt to new network devices and configurations? The Elemental Compliance Policy Language changes this by letting users express, monitor, and enforce security policies in business-friendly ways. The system then observes broadcast traffic and evaluates security issues. Similarly, the Elemental Compliance System identifies and restricts network access for hosts and users that are noncompliant with critical security policies.
Elemental's software keeps up with the continuous change by dynamically classifying groups of hosts based on hundreds of attributes. With more than 1500 included policies derived from security best practices of leading organizations, administrators can get a quick start using these or create their own custom policies.
Productivity Award Winners
Secure Software (securesoftware.com)
Static analysis of code bases is a critically important facet of software development—and few companies offer a more accurate and thorough tool for analyzing C and Java code than Secure Software. CodeAssure is among the best at identifying security holes and recognizing dubious constructs, making it particularly attractive to enterprises—the very companies that have the most to lose in the event of security breaches.
DevPartner SecurityChecker 1.0
Compuware's DevPartner SecurityChecker 1.0 is a commendable first attempt at a tool that offers comprehensive code security analysis for .NET code. Even though this first release suffers from 1.0 feature limitations, its stellar compile-time, runtime, and integrity security code violation checking and reporting make it a valuable investment for any security conscious enterprise.
Fortify Security Tester 1.0
The Fortify Security Tester is an excellent security analysis and QA tool for ASP.NET web application developers. It automatically generates tests to cover potential security vulnerabilities based on use cases, which are either automatically generated by a web crawler or recorded by Fortify when you go through the web application. The Fortify tests cover areas like SQL injection, XPath injection, and cross-site scripting.