OpenText Core Application Security and Klocwork compete in the application security domain. Klocwork has the upper hand with reliable static code analysis and better customer support.
Features: OpenText Core Application Security provides dynamic application security testing, real-time dashboards, and integration into development pipelines. Klocwork is noted for its static code analysis, on-the-fly defect detection, and deep integration into CI processes.
Room for Improvement: OpenText Core Application Security could improve integration with incident management and enhance reporting features. Klocwork needs better false positive management, expanded language support, and enhanced dashboards.
Ease of Deployment and Customer Service: OpenText offers deployment across on-premises, public, and hybrid clouds. Klocwork focuses on on-premises and private cloud options. Users find OpenText's customer service internationally accessible but report mixed satisfaction. Klocwork's customer service is highly rated, but licensing is seen as restrictive.
Pricing and ROI: OpenText Core Application Security has flexible pricing but is seen as costly, justified by its comprehensive features. Klocwork is competitively priced and offers a cost-effective solution with flexible licensing models.
The main ROI factors include efficiency and how we meet compliance standards for various automotive requirements.
There is definitive ROI if OpenText Core Application Security is deployed properly; it substantially reduces efforts in securing the solution while averting various application-related risks.
The customer support team is very responsive, proactive, and engages in conversations to ensure our needs are met.
The issue is not about the knowledge of the support but about the prioritization of the tickets they handle.
During the initial phase, there was a need for follow-ups and clarifications.
Support tickets often stay open for one month to three months, which leads to customer frustration.
I had direct interaction with them, which facilitated how we onboarded Fortify.
The technical support from OpenText is very good.
Klocwork supports our scalability needs without issues, even as project volumes increase.
The program-to-program enablement is scalable.
If a customer wants to know the tools and the technology used for their application to scan their application, they provide less information on that.
OpenText Core Application Security is highly scalable; it is running on the cloud, and elasticity is one of the best points of a cloud environment.
Fortify is superior to many solutions because of its scalability and that it does not require massive compute capabilities for its SAST and sandboxing features.
Installation is easy, and the solution is stable.
OpenText Core Application Security is stable and has minimal downtime, benefitting from AWS cloud availability.
There are too many warnings, and it requires expertise to determine the correct category for them.
Klocwork sometimes provides too many additional warnings which require expertise to manage.
We would like Klocwork to connect to Git and notify developers of issues tied to specific commits.
It would be beneficial if Fortify could check for CVEs (Common Vulnerabilities and Exposures) in third-party libraries, which I currently use a separate dependency checker tool for.
One thing I would highlight is if Fortify can focus more on the centralized dashboard of the tools because nowadays, tools such as SentinelOne also exist for identifying security issues, but they have a centralized dashboard that merges their cloud solution and application security side solution together.
I would say OpenText Core Application Security is not very user-friendly in terms of price; it is quite high.
It is less expensive than Coverity.
The solution is not very cheap, however, it is less expensive than Coverity.
Klocwork was competitively priced, making it a cost-effective solution for us.
The most valuable feature of Klocwork is the static analysis tools, which help identify potential security threats and errors.
Its integration with the CI/CD pipeline has helped streamline the software development process.
It takes just half a day to set up.
Fortify helps me find serious issues, such as developers inadvertently leaving access tokens, including API access tokens, in the source code.
On demand you have two levels of reports: the first from the tool, which is the same as we can get from Fortify on-premises, and a next level reporting made by experts from OpenText, leading to a more condensed and precise report as level three.
Additionally, you can integrate Fortify in CICD pipeline, so you get real-time updates about the security issues in your pipeline.
| Product | Mindshare (%) |
|---|---|
| OpenText Core Application Security | 3.2% |
| Klocwork | 1.3% |
| Other | 95.5% |
| Company Size | Count |
|---|---|
| Small Business | 12 |
| Midsize Enterprise | 2 |
| Large Enterprise | 12 |
| Company Size | Count |
|---|---|
| Small Business | 18 |
| Midsize Enterprise | 8 |
| Large Enterprise | 45 |
Klocwork detects security, safety, and reliability issues in real-time by using this static code analysis toolkit that works alongside developers, finding issues as early as possible, and integrates with teams, supporting continuous integration and actionable reporting.
OpenText Core Application Security offers robust features like static and dynamic scanning, real-time vulnerability tracking, and seamless integration with development platforms, designed to enhance code security and reduce operational costs.
OpenText Core Application Security is a cloud-based, on-demand service providing accurate and deep scanning capabilities with detailed reporting. Its integrations with development platforms ensure an enhanced security layer in the development lifecycle, benefiting users by lowering operational costs and facilitating efficient remediation. The platform addresses needs for intuitive interfaces, API support, and comprehensive vulnerability assessments, helping improve code security and accelerate time-to-market. Despite its strengths, challenges exist around false positives, report clarity, and language support, alongside confusing pricing and package options. Enhancements are sought in areas like CI/CD pipeline configuration, report visualization, scan times, and integration with third-party tools such as GitLab, container scanning, and software composition analysis.
What features define OpenText Core Application Security?Industries like mobile applications, e-commerce, and banking leverage OpenText Core Application Security for its ability to identify vulnerabilities such as SQL injections. Integrating seamlessly with DevSecOps and security auditing processes, this tool supports developers in writing safer code, ensuring secure application deployment and enhancing software assurance.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
