David Spark here reporting for Tripwire at the 2010 RSA Conference in San Francisco.
After their presentation “Correlating static and dynamic analysis results for more secure software” (read my summary) I spoke with Jacob West, Director of Security Research at Fortify Software, and Jeremiah Grossman, CTO and Founder of WhiteHat Security.
I asked them what are the most common vulnerabilities they see when they’re conducting dynamic and static analysis.
I was also interested to know how they simulate new attacks from bad guys, and it turns out the bad guys aren’t doing anything new. No need to. They just want to do the easiest and cheapest attack. They have the same business model as we do–ROI.
Check out more of Tripwire’s coverage from the 2010 RSA Conference in San Francisco.