qutwutwut

What's IBM's managed appscan platform, and how does pricing compare to HP's Fortify On Demand? Where is the platform hosted, and which country typically performs the issue validation?

Does IBM have an infrastructure vulnerability scanning tool? If it's QRadar VMS, what is the underlying scan engine- is it Nessus or Proventia?

What's the scanning engine underneath the hood- Nessus or Proventia?

How do your app testing dev and services teams feel about the OWASP Application Security Verification Standard (Version 2)- https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project#tab=Home

Do you think ASVSv2 provides a better way to guarantee the level or testing performed? Does AppScan scan to Level 1 by default if you supply it all user roles?

Who performs the bulk of static app testing for your services teams- is it outsourced to India?