We changed our name from IT Central Station: Here's why

Badges

135 Points
2 Years
Top 20

User Activity

About 1 year ago
Fortify Static Code Analyzer is actually NOT an SCA (Software Composition Analysis) tool! It competes more with Checkmarx and Veracode
Over 1 year ago
For application security you ideally need SAST, SCA and DAST. You need all three as they essentially measure different things: SAST identifies bad coding practices that potentially could be exploited SCA identifies known vulnerabilities in the libraries and components you…
Over 1 year ago
Clients that have benchmarked our solution against both BlackDuck and Veracode have noted that BlackDuck identifies more vulnerabilities, but also has more false positives. Note that MergeBase is more accurate in identifying more vulnerabilities with less false positives…
Over 1 year ago
MergeBase.com provides the most accurate identification of vulnerabilities across all stages of the application's lifecycle

Answers

About 1 year ago
Software Composition Analysis (SCA)
Over 1 year ago
Application Security
Over 1 year ago
Application Security