Badges
40 Points
5 Years
User Activity
About 4 years ago
Answered a question: What alternatives are there for Fortify WebInspect and Fortify SCA?
Fortify Static Code Analyzer is actually NOT an SCA (Software Composition Analysis) tool! It competes more with Checkmarx and Veracode.
Over 4 years ago
Answered a question: SAST vs. DAST: Which is better for application security testing?
For application security you ideally need SAST, SCA and DAST. You need all three as they essentially measure different things.
SAST identifies bad coding practices that potentially could be exploited.
SCA identifies known vulnerabilities in the libraries and components you…
Over 4 years ago
Answered a question: Differences between Black Duck & Veracode
Clients that have benchmarked our solution against both Black Duck and Veracode have noted that Black Duck identifies more vulnerabilities, but also has more false positives. Note that MergeBase is more accurate in identifying more vulnerabilities with fewer false positives…
Over 4 years ago
Answered a question: What are the OWASP top 10 in 2020?
MergeBase.com provides the most accurate identification of vulnerabilities across all stages of the application's lifecycle.
Answers
About 4 years ago
Software Composition Analysis (SCA)
Over 4 years ago
Application Security Tools