ibm security appscan v8.8 portfolio supports collaborative and

IBM United States Software Announcement213-414, dated October 8, 2013

IBM United States Software Announcement 213-414 IBM is a registered trademark of International Business Machines Corporation 1

IBM Security AppScan V8.8 portfolio supportscollaborative and analytical security testingthroughout the software development lifecycleTable of contents

1 Overview 5 Technical information 2 Key prerequisites 11 Ordering information 3 Planned availability date 24 Terms and conditions 3 Description 28 Prices 4 Program number 29 Order now 4 Publications

At a glance

IBM® Security AppScan® V8.8 delivers:

• Improved time to value on static analysiswith:

– Streamlined triage features to quickly identify security risk

– Faster and easier configuration of JavaTM applications• Quickly identified confirmed vulnerabilities:

– Top security risks identified by leveraging latest industry standards from OpenWeb Application Security Project (OWASP) top 10 2013 and OWASP MobileSecurity Project - top 10 Mofile Risks

– Filters and scan confirmations that help ensure security compliance and bestpractices

• Enhanced encryption to protect your security assets:

– Supports industry-standard Transport Layer Security (TLS) protocol 1.2compliance with National Institute of Standards and Technology (NIST) SpecialPublication (SP) 800-131a

For ordering, contact your IBM representative, an IBM Business Partner, or IBMAmericas Call Centers at 800-IBM-CALL (Reference: YE001).

Overview

IBM Security AppScan V8.8 application security portfolio continues to deliver onstatic, dynamic, and interactive application security testing. IBM Security AppScanportfolio provides a platform for centrally managing application security testing andrisk management as critical elements of application lifecycle management.

What is new

IBM Security AppScan Source:

• Enhanced encryption (support for Transport Layer Security (TLS) 1.2), andcompliance with National Institute of Standards and Technology (NIST) SpecialPublication (SP) 800-131a.

• Improved analysis accuracy through expanded framework support.Comprehensive framework support does not require configuration. Newsupported frameworks include Spring MVC 3, ASP.NET MVC, MicrosoftTM .NET 4.5,


Java JAX-RS (V1.0 and V1.1), Java JAX-WS (V2.2), and Web Service DefinitionLanguage (WSDL).

• Generates scans faster and more easily with simplified configuration andimproved support for common Java web application dependencies.

• Streamlined triage features to quickly identify and isolate the most importantsecurity risks. Triage usability improvements include improved vulnerabilitymatrix, more descriptive names, and display optimizations to help maximizegraphical trace information.

• Includes new scan configurations to help speed analysis and to produce moreactionable results. The standard scan configurations help make it easy to focuson specific types of vulnerabilities which enables organizations to prioritize theirapplication security policies. New scan configurations include iOS to focus onmobile security and user input to isolate security risk introduced by users.

• Has new and enhanced analysis filters including Open Web Application SecurityProject (OWASP) Top 10 2013 and OWASP Top 10 Mobile Risks to help ensuresecurity compliance and best practices. Filters help to produce smaller, moreactionable results designed to ensure development teams focus on confirmedvulnerabilities.

• Delivers additional authentication support to help simplify user managementand make large deployments easier. New in this release is support for MicrosoftWindowsTM authentication.

• Improved Integrated Development Environment (IDE) support designed tomake working with the most current and popular development tools easier;updates include Visual Studio 2012, Eclipse 4.2, 4.2.2, 4.3, and IBM Rational®Application Developer V9.0.

IBM Security AppScan Standard:

• Enhanced encryption support for TLS 1.2 and compliance with National Instituteof Standards and Technology (NIST) Special Publication (SP) 800-131a.

• Allows recording an action-based login sequence, which enables scan sessionmanagement for certain types of applications.

• Improved login mechanism and session handling:

– Allows recording of an action-based login sequence to increase login success incertain applications.

– Enhanced methods to detect session tokens, that improve session handling.

• Updated OWASP Top 10 2013 report for identifying noncompliance issues.

IBM Security AppScan Enterprise:

• Enhanced encryption support for TLS 1.2, and compliance with NIST SP800-131a.

• Leverages the scalability of the Enterprise Dynamic Analysis Scanner byimporting and scheduling scans configured with the AppScan Standard desktopapplication.

• Reuses functional quality assurance test scripts and implements DynamicAnalysis security testing automation via new Representational State Transfer(REST) API interfaces.

• Delivers more flexibility for configuring decentralized AppScan Enterpriseadministration via finer custom user type settings for adding, deleting and editingusers and groups.

• Includes updated OWASP Top 10 (2013) report for identifying noncomplianceissues.

Key prerequisites

For details, refer to the Hardware requirements and the Software requirementssections.


Planned availability date

October 22, 2013: For electronic availability

November 12, 2013: For media availability

Description

Software runs business. From the application that manages temperature in anuclear power plant to the website that drives and collects all incoming businessand reservations, there is one commonality to business success -- the ability forthose applications for function correctly. The most efficient way to stay ahead ofapplication security vulnerabilities is to build software securely, from the ground up.The challenge is that many organizations do not know how to design and implementsecure applications. The majority of developers are not security experts, andsecure coding is historically not identified as a priority. As a result, web-based andnonweb-based applications alike continue to be deployed with vulnerabilities that putsensitive data at risk of a breach.

There is a better way. Because the onerous task of vulnerability identification andremediation cannot be successfully addressed by limited IT security resources,one success path is to engage development in the process of application securityby providing tools that fit into the existing environment and workflow. These toolsshould generate results in a way that is easily understood by all stakeholders:development, security and audit personnel, business owners, and executives.The IBM Security AppScan portfolio provides offerings that support and enhanceapplication security testing across the full application lifecycle.

IBM Security AppScan V8.8 is a leading application security test suite designed tohelp manageability testing throughout the software development lifecycle. AppScanoffers a time-saving solution for all types of security testing: outsourced, individual,and enterprise-wide analysis, and for all types of users including applicationdevelopers, build managers, quality assurance (QA) teams, penetration testers,security auditors, and senior management.

The IBM Security AppScan portfolio includes offerings used to test all aspects ofthe application portfolio at any size organization, whether it is live applicationsrunning in production or source code. AppScan validates findings and prioritizesreported results so remediation time is reduced. Reports include issuing advisoriesand advanced fix recommendations designed to educate and help developers andsecurity auditors remediate the identified vulnerabilities.

IBM Security AppScan offerings

IBM Security AppScan Standard is a desktop solution that utilizes InteractiveApplication Security Testing (IAST) and Dynamic Application Security testing(DAST). The patent-pending glass box feature in IBM Security AppScan Standardprovides IAST through run-time analysis - an automated method of combiningstatic and dynamic techniques in real time to improve the accuracy of test results.Interactive testing is next-generation testing that combines aspects of static anddynamic testing, and interactively analyzes results in real time. Benefits of glassbox, or interactive testing, include more accurate test results, identification of newthreat categories, and the ability to pinpoint specific lines of code and details thatfacilitate remediation.

IBM Security AppScan Enterprise is an enterprise-class solution for applicationsecurity testing and risk management. IBM Security AppScan Enterpriseprovides robust capabilities for governance and facilitates collaboration betweendevelopment, quality assurance, and security teams across the organization.It centrally manages dynamic, static, and interactive security assessments. Itprovides enterprise metrics and trending for monitoring application security program


progress. It also integrates with IBM Security QRadar® to incorporate applicationvulnerability data into overall security intelligence.

IBM Security AppScan Source analyzes source code during the development andbuild stages of the application lifecycle to identify security vulnerabilities with StaticApplication Security Testing (SAST) and integrates security testing with the softwaredevelopment processes and systems. IBM Security AppScan Source supports securemobile application development with testing for native Apple iOS (Objective-C) andAndroid ( Java ) applications.

Accessibility by people with disabilities

A US Section 508 Voluntary Product Accessibility Template (VPAT) containing detailson accessibility compliance can be requested at

http://www.ibm.com/able/product_accessibility/index.html

Program number

Program Programnumber VRM name 5724-T59 8.8.0 IBM Security AppScan Standard5724-T52 8.8.0 IBM Security AppScan Enterprise5724-Z34 8.8.0 IBM Security AppScan Source for Automation5724-Z35 8.8.0 IBM Security AppScan Source for Analysis5724-Z36 8.8.0 IBM Security AppScan Source for Development5724-Z37 8.8.0 IBM Security AppScan Source for Remediation

Education support

IBM training provides education to support many IBM offerings. Descriptions ofcourses for IT professionals and managers are on the IBM training website

http://www.ibm.com/services/learning/

Call IBM training at 800-IBM-TEACH (426-8322) for catalogs, schedules, andenrollments.

Offering Information

Product information is available via the Offering Information website

http://www.ibm.com/common/ssi

Also, visit the Passport Advantage® website

http://www.ibm.com/software/passportadvantage

Publications

IBM Security AppScan Enterprise V8.8 Planning and Installation Guide is shippedwith IBM Security AppScan Enterprise V8.8.

The following publications are shipped with IBM Security AppScan Standard V8.8:

• IBM Security AppScan Standard V8.8 Getting Started Guide

• IBM Security AppScan Standard V8.8 Getting Started Guide

• IBM Security AppScan Standard V8.8 Glass Box User Guide

http://www.ibm.com/able/product_accessibility/index.html

http://www.ibm.com/services/learning/

http://www.ibm.com/common/ssi



The following publications can be found, at electronic availability, at the below IBMPublication Center:

• IBM Security AppScan Standard 8.8 Getting Started Guide (GI13-4101-00)

• IBM Security AppScan Standard 8.8 User Guide (SC27-6202-00)

• IBM Security AppScan Standard 8.8 Glass Box User Guide (SC27-6203-00)

These documents, and other online relevant documentation are listed in the SecurityAppScan Standard Publications library at

http://www.ibm.com/support/docview.wss?uid=swg27024868

The following publications are shipped with IBM Security AppScan Source V8.8:

• IBM Security AppScan Source for Analysis User Guide

• IBM Security AppScan Source Installation and Administration Guide

• IBM Security AppScan Source Utilities User Guide

These documents and other online relevant documentation are available, atelectronic availability, at

http://pic.dhe.ibm.com/infocenter/appsrc/v8r8m0/index.jsp

The IBM Publications Center is available at

http://www.ibm.com/shop/publications/order

The Publications Center is a worldwide central repository for IBM productpublications and marketing material with a catalog of 70,000 items. Extensivesearch facilities are provided. Payment options for orders are via credit card (inthe US) or customer number for 20 countries. A large number of publicationsare available online in various file formats, and they can all be downloaded by allcountries, free of charge.

Technical information

Specified operating environment

Hardware requirements

IBM Security AppScan Source V8.8

• Disk space: Approximately 2 GB of available hard disk space (3 GB required forinstallation)

• Media drive: CD-ROM or DVD-ROM drive

• Memory: 2 GB of RAM (minimum); 8G of RAM or more recommended

• Processor: 2 CPU

For current information about IBM Security AppScan Source V8.8 hardwarerequirements, at electronic availability, refer to

http://www-01.ibm.com/support/docview.wss?&uid=swg27027486

IBM Security AppScan Enterprise V8.8

This configuration supports an average size deployment of three to four DynamicAnalysis Scanners (two concurrent scan jobs per scanner). Larger deployments orloads may require more resources.

• Disk space:

– Approximately 200 GB for the AppScan Enterprise Server and JazzTM TeamServer


http://pic.dhe.ibm.com/infocenter/appsrc/v8r8m0/index.jsp

http://www.ibm.com/shop/publications/order

http://www-01.ibm.com/support/docview.wss?&uid=swg27027486


– Approximately 500 GB of free space for scan logs on the Dynamic AnalysisScanner

– Approximately 1 TB of free space on the system hosting the SQL Serverdatabase

– Approximately 330 MB for the Web Services Explorer - Generic Service Clienttool (GSC) version 8.1 used to test Web Services for security vulnerabilities

• Memory:

– 16 GB of RAM (minimum) or more recommended for SQLServer database andDynamic Analysis Scanner

– 8 GB of RAM or more recommended AppScan Enterprise Server and Jazz TeamServer

• Processor:

– 4 CPU recommended for SQL Server database and Dynamic Analysis Scanner

– 2 CPU recommended for AppScan Enterprise Server and Jazz Team Server

For current information about IBM Security AppScan Enterprise 8.8 hardwarerequirements, at electronic availability, refer to

http://www-01.ibm.com/support/docview.wss?uid=swg27027541

IBM Security AppScan Standard V8.8

• Disk space: Approximately 30 GB of available hard disk space

• Memory: 3 GB of RAM or more recommended

• NIC network driver: 1 NIC 100 Mbps for network communication with configuredTCP/IP

• Processor: Core 2 Duo 2 GHz (or equivalent)

For current information about IBM Security AppScan Standard V8.8 hardwarerequirements, at electronic availability, refer to


Software requirements

IBM Security AppScan Source V8.8

IBM Security AppScan Source V8.8 has dropped support for Microsoft Windows XPand Microsoft Windows Server 2003.

Operating systems

Macintosh operating systems

• Mac OS X 10.7 (64 bit, on which Security AppScan Source runs in 32-bit mode)

• OS X 10.8

LinuxTM (On 64-bit Linux , Security AppScan Source runs in 32-bit mode.)

• Red Hat Enterprise Linux (RHEL) 5, 6, 6.1, 6.2, 6.3, and 6.4

Microsoft Windows (On 64-bit Windows , Security AppScan Source runs in 32-bitmode.)

• Microsoft Windows 7 Enterprise, Professional, and Ultimate

• Microsoft Windows Server 2008 Enterprise and Standard 32-bit x86

• Microsoft Windows Server 2008 R2 Enterprise and Standard

• Microsoft Windows Server 2012 DataCenter, Standard, Essentials, andFoundation

Prerequisite system requirements




License use management

• IBM Rational License Key Server V8.1.1, V8.1.2, V8.1.3, V8.1.4, and future fixpacks

Other system requirements

Compilers

• Microsoft Visual Studio 2008, 2010, and 2012

• gcc for Linux

• Jasper Version 2 (Tomcat Versions 5, 6, and 7)

• WebLogic Versions 8, 9, 11, and 12

• IBM WebSphere® Application Server V6.1, V7.0, V8.0, and V8.5

• XCode 4.4-4.6 for Objective-C (for Apple iOS applications only)

External databases

• Oracle Database 11g

For integration scenarios with various AppScan Source products, refer to AppScanSource product help.

• IBM Rational Application Developer for WebSphere Software V8.0, V8.0.1,V8.0.2, V8.0.3, V8.0.4, V8.5, V8.5.1, V9.0, and future fix packs

• Eclipse 3.6, 3.7, 3.8, 4.2, 4.2.2, 4.3, and future modification levels and fix packs

• Security AppScan Enterprise V8.8 and future modification levels and fix packs

• Microsoft .NET Framework 2.0, 3.0, 3.5, 4.0, and 4.5

• Microsoft Visual Studio 2008, 2010, 2012

Defect tracking systems

• Microsoft Team Foundation Server 2008, 2010, and future fix packs

• IBM Rational Team ConcertTM V3.0, V3.0.1, V4.0, V4.0.1, V4.0.2, V4.0.3, V4.0.4,and future fix packs

• IBM Rational ClearQuest® V7.1.2, V7.1.1, V8.0, V8.0.1, and future fix packs

• HP Quality Center 9.2, 10.0, 11.0, and future fix packs

Reports

• AdobeTM Reader Version 6.0, or later ( Microsoft Windows )• Adobe Reader Version 5.0 ( Linux )

For current information about IBM Security AppScan Source V8.8 softwarerequirements, at electronic availability, refer to

http://www.ibm.com/support/docview.wss?&uid=swg27027486

IBM Security AppScan Enterprise V8.8

IBM Security AppScan Enterprise V8.8 has dropped support for Windows XP andWindows Server 2003.

Operating systems

Linux (On Linux , Security AppScan Enterprise is used only with Security AppScanSource.)

• Red Hat Enterprise Linux (RHEL) 6, 6.2, 6.3, and 6.4

http://www.ibm.com/support/docview.wss?&uid=swg27027486


Windows

• Microsoft Windows Server 2008 and 2008 R2 Standard and Enterprise

• Microsoft Windows Server 2012 Datacenter and Standard

The following Windows operating systems are only for the client side of EnterpriseServer and Dynamic Analysis Scanner.

• Microsoft Windows 7 Enterprise, Professional, and Ultimate

Prerequisite system requirements

.NET

• Microsoft .NET Framework 4.5 is required.

Browsers

• Microsoft Internet Explorer 8.0, 9.0, 10, and future modification levels andfix packs (used for both Manual Explore and Dynamic Assessment Plugins) li.Mozilla Firefox 17.0 ESR, and future fix packs (used for both Manual Explore andDynamic Assessment Plugins)

• Google Chrome (only for Manual Explore Desktop Tool)

Databases

• Microsoft SQL Server 2008 Standard and Enterprise SP3, 2012, and future fixpacks

• Microsoft SQL Server 2008 R2 SP2, and future fix packs

License use management

• IBM Rational License Key Server V8.1.1, V8.1.2, V8.1.3, V8.1.4, and future fixpacks (required for floating user licenses)

Web servers

• IBM WebSphere Application Server V8.0.0.3, and future fix packs

• Apache Tomcat 7.0.32, and future fix packs

Other system requirements

Integration

• IBM Security SiteProtectorTM System V2.9, V3.0, and future fix packs• IBM WebSphere Portal Server V6.0.1.4, and future fix packs

• IBM Rational AppScan Source V7.0 - V8.8 inclusive (previous versions aresupported for importing of security results only)

• IBM Rational AppScan Standard V7.7 - V8.8 inclusive (previous versions aresupported for importing of security results only)

• IBM Security AppScan Source V8.8 integrates with IBM Security AppScanEnterprise V8.8 Server

• IBM Rational Team Concert V3.0, V3.0.1, V4.0, V4.0.1, and future fix packs

• IBM Rational Quality Manager V3.0.1.6 and V4.0.2

• IBM Security QRadar SIEM V7.0 M5

• IBM Security QRadar V7.1 and V71 M1 and M2

• IBM Security QRadar SIEM V7.2

For current information about IBM Security AppScan Enterprise V8.8 softwarerequirements, at electronic availability, refer to



IBM Security AppScan Standard V8.8

IBM Security AppScan Standard V8.8 has dropped support for Windows XP andWindows Server 2003.

Operating systems (both 32-bit and 64-bit editions)

Microsoft Windows

• Windows Server 2008 Standard and Enterprise, SP1 and SP2

• Windows Server 2008 R2 Standard and Enterprise, with or without SP1

• Windows Server 2012 DataCenter, Standard, Essentials and Foundation

• Windows 7 Enterprise, Professional, and Ultimate, with or without SP1

• Windows 8 Enterprise, Professional, 32-bit X86 and X64

Note: Security AppScan smart tags, used when creating custom reports, are notsupported for Windows Server 2008.

Browser

• Microsoft Internet Explorer Versions 7, 8, and 9, and Version 10 on Windows 7,Windows 8 and Windows 2012.

License key server

• Rational License Key Server V8.1.1, V8.1.2, V8.1.3, and V8.1.4

Defect tracking systems

• Rational ClearQuest V7.1.1, V7.1.2, V8.0, and V8.0.1

• HP Quality Center 9.2 and 10.0

Other

• Microsoft .NET Framework Version 4.5 is required.

• Optional: Adobe Flash Player for Internet Explorer, Version 10.1.102.64, or later

• Optional: Microsoft Word 2003, 2007, 2010, or 2013 for custom reporttemplates. Word 2003 or 2007 for Security AppScan smart tags to insert fieldsfor custom report templates.

AppScan Standard glass box server requirements

• Java platform Enterprise Edition containers:

– JBoss Application Server 6 and 7

– JBoss Enterprise Application Platform 7.1

– Tomcat 6 and 7

– WebLogic 10 and 11.1

– IBM WebSphere Application Server V7.0, V8.0, and V8.5

Glass box operating systems

Microsoft Windows :

• Windows Server 2008 R2 with and without SP1

• Windows Server 2008 Enterprise, SP1 and SP2

• Windows Server 2012

UNIXTM :



• Linux RHEL 5 and 6

• Linux SLES 10 SP4 and 11 SP2

• UNIX AIX® 6.1 and 7

• UNIX Solaris 10 (SPARC) and 11

For current information about IBM Security AppScan Standard V8.8 softwarerequirements, at electronic availability, refer to


The program's specifications and specified operating environment informationmay be found in documentation accompanying the program, if available, such asa readme file, or other information published by IBM , such as an announcementletter. Documentation and other program content may be supplied only in theEnglish language.

IBM Electronic Support

The IBM Support Portal is your gateway to technical support. This includes IBMElectronic Support tools and resources, for software and hardware, to help savetime and simplify support. The Electronic Support tools can help you find answers toquestions, download fixes, troubleshoot, automate data collection, submit and trackproblems through the Service Request online tool, and build skills. All these tools aremade available through your IBM support agreement, at no additional charge.

Read about the Electronic Support portfolio of tools

http://ibm.com/electronicsupport

Access the IBM Support Portal

http://ibm.com/support

Access the online Service Request tool

http://ibm.com/support/servicerequest

Planning information

Packaging

IBM Security AppScan is distributed with:

• International Program License Agreement (Z125-3301)

• License Information document

• DVDs

• Publications (refer to the Publications section)

This program, when downloaded from a website, contains the applicable IBMlicense agreement and License Information, if appropriate, and will be presentedfor acceptance at the time of installation of the program. For future reference, thelicense and License Information will be stored in a directory such as LICENSE.TXT.

Security, auditability, and control

IBM Security AppScan V8.8 uses the security and auditability features of theoperating system software. The customer is responsible for evaluation, selection,and implementation of security features, administrative procedures, and appropriatecontrols in application systems and communication facilities.


http://ibm.com/electronicsupport

http://ibm.com/support

http://ibm.com/support/servicerequest


Software Services

IBM Software Services has the breadth, depth, and reach to manage your servicesneeds. You can leverage the deep technical skills of our lab-based, software servicesteam and the business consulting, project management, and infrastructure expertiseof our IBM Global Services team. Also, we extend our IBM Software Services reachthrough IBM Business Partners to provide an extensive portfolio of capabilities.Together, we provide the global reach, intellectual capital, industry insight, andtechnology leadership to support a wide range of critical business needs.

To learn more about IBM Software Services or to contact a Software Services salesspecialist, visit

http://www.ibm.com/software/sw-services/

Ordering information

This product is only available via Passport Advantage . It is not available asshrinkwrap.

These products may only be sold directly by IBM or by authorized IBM BusinessPartners for Software Value Plus.

For more information about IBM Software Value Plus, visit

http://www.ibm.com/partnerworld/page/svp_authorized_portfolio

To locate IBM Business Partners for Software Value Plus in your geography for aspecific Software Value Plus portfolio, visit

http://www.ibm.com/partnerworld/wps/bplocator/

Product group: IBM Security AppScan Product Identifier Description (PID) IBM Security AppScan Enterprise V8.8 5724-T52 IBM Security AppScan Source for Automation V8.8 5724-Z34 IBM Security AppScan Source for Analysis V8.8 5724-Z35 IBM Security AppScan Source for Development V8.8 5724-Z36 IBM Security AppScan Source for Remediation V8.8 5724-Z37 IBM Security AppScan Standard V8.8 5724-T59 Product category: Security AppScan

Passport Advantage

Description Part number

IBM Security AppScan Enterprise (5724-T52)IBM Security AppScan Enterprise Reporting Only IBM Security AppScan Enterprise D056CLLReporting Only User Authorized User Single InstallLicense + SW Subscription & Support 12 Months IBM Security AppScan Enterprise E05ELLLReporting Only User Authorized User Single InstallAnnual SW Subscription & Support Renewal 12 Months IBM Security AppScan Enterprise D056DLLReporting Only User Authorized User Single InstallSW Subscription & Support Reinstatement 12 Months IBM Security AppScan Enterprise D07YELLReporting Only User Floating User Single Install

http://www.ibm.com/software/sw-services/

http://www.ibm.com/partnerworld/page/svp_authorized_portfolio

http://www.ibm.com/partnerworld/wps/bplocator/


License + SW Subscription & Support 12 Months IBM Security AppScan Enterprise E06GHLLReporting Only User Floating User Single InstallAnnual SW Subscription & Support Renewal 12 Months IBM Security AppScan Enterprise D07YFLLReporting Only User Floating User Single InstallSW Subscription & Support Reinstatement 12 Months IBM Security AppScan Enterprise D0569LLReporting Only User for System zAuthorized User Single Install License +SW Subscription & Support 12 Months IBM Security AppScan Enterprise E05EJLLReporting Only User for System zAuthorized User Single Install AnnualSW Subscription & Support Renewal 12 Months IBM Security AppScan Enterprise D056ALLReporting Only User for System zAuthorized User Single InstallSW Subscription & Support Reinstatement 12 Months IBM Security AppScan Enterprise D07YCLLReporting Only User for System zFloating User Single Install License +SW Subscription & Support 12 Months IBM Security AppScan Enterprise E06GGLLReporting Only User for System zFloating User Single Install AnnualSW Subscription & Support Renewal 12 Months IBM Security AppScan Enterprise D07YDLLReporting Only User for System zFloating User Single InstallSW Subscription & Support Reinstatement 12 Months Fixed term licenses IBM Security AppScan Enterprise D056BLLReporting Only User Authorized User Single InstallInitial Fixed Term License +SW Subscription & Support 12 Months IBM Security AppScan Enterprise E05EKLLReporting Only User Authorized User Single InstallSubsequent Fixed Term License +SW Subscription & Support 12 Months IBM Security AppScan Enterprise D0L7GLLReporting Only User Floating User Single InstallInitial Fixed Term License +SW Subscription & Support 12 Months IBM Security AppScan Enterprise E0CRTLLReporting Only User Floating User Single InstallSubsequent Fixed Term License +SW Subscription & Support 12 Months IBM Security AppScan Enterprise D0L7HLLReporting Only User for System zFloating User Single InstallInitial Fixed Term License +SW Subscription & Support 12 Months IBM Security AppScan Enterprise E0CRULLReporting Only User For System zFloating User Single InstallSubsequent Fixed Term License +SW Subscription & Support 12 Months


IBM Security AppScan Enterprise D0L7FLLReporting Only User for System ZAuthorized User Single InstallInitial Fixed Term License +SW Subscription & Support 12 Months IBM Security AppScan Enterprise E0CRSLLReporting Only User for System zAuthorized User Single InstallSubsequent Fixed Term License +SW Subscription & Support 12 Months


IBM Security AppScan Enterprise (5724-T52)IBM Security AppScan Enterprise Dynamic Analysis Scanner IBM Security AppScan Enterprise Dynamic Analysis Scanner D0L73LLInstall License + SW Subscription & Support 12 Months IBM Security AppScan Enterprise Dynamic Analysis Scanner E0CRJLLInstall Annual SW Subscription & Support Renewal 12 Months IBM Security AppScan Enterprise Dynamic Analysis Scanner D0L74LLInstall SW Subscription & Support Reinstatement 12 Months IBM Security AppScan Enterprise Dynamic Analysis Scanner D0L75LLfor System Z Install License +SW Subscription & Support 12 Months IBM Security AppScan Enterprise Dynamic Analysis Scanner E0CRKLLfor System Z Install AnnualSW Subscription & Support Renewal 12 Months IBM Security AppScan Enterprise Dynamic Analysis Scanner D0L76LLfor System Z Install SW Subscription & SupportReinstatement 12 Months Fixed term licenses IBM Security AppScan Enterprise Dynamic Analysis Scanner D0L7DLLInstall Initial Fixed Term License +SW Subscription & Support 12 Months IBM Security AppScan Enterprise Dynamic Analysis Scanner E0CRQLLInstall Subsequent Fixed Term License +SW Subscription & Support 12 Months IBM Security AppScan Enterprise Dynamic Analysis Scanner D0L7ELLfor System Z Install Initial Fixed Term License +SW Subscription & Support 12 Month IBM Security AppScan Enterprise Dynamic Analysis Scanner E0CRRLLfor System Z Install Subsequent Fixed Term License +SW Subscription & Support 12 Months


IBM Security AppScan Enterprise (5724-T52)IBM Security AppScan Enterprise Dynamic Analysis Users IBM Security AppScan Enterprise Dynamic Analysis Users D61V2LLAuthorized User Single Install License +SW Subscription & Support 12 Months IBM Security AppScan Enterprise Dynamic Analysis Users E047CLLAuthorized User Single Install AnnualSW Subscription & Support Renewal 12 Months IBM Security AppScan Enterprise Dynamic Analysis Users D61V4LLAuthorized User Single InstallSW Subscription & Support Reinstatement 12 Months IBM Security AppScan Enterprise Dynamic Analysis Users D07YALL


Floating User Single Install License +SW Subscription & Support 12 Months IBM Security AppScan Enterprise Dynamic Analysis Users E06GFLLFloating User Single Install AnnualSW Subscription & Support Renewal 12 Months IBM Security AppScan Enterprise Dynamic Analysis Users D07YBLLFloating User Single InstallSW Subscription & Support Reinstatement 12 Months IBM Security AppScan Enterprise Dynamic Analysis Users D61V3LLfor System Z Authorized User Single Install License +SW Subscription & Support 12 Months IBM Security AppScan Enterprise Dynamic Analysis Users E047DLLfor System Z Authorized User Single Install AnnualSW Subscription & Support Renewal 12 Months IBM Security AppScan Enterprise Dynamic Analysis Users D61V5LLfor System Z Authorized User Single InstallSW Subscription & Support Reinstatement 12 Months IBM Security AppScan Enterprise Dynamic Analysis Users D07Y8LLfor System z® Floating User Single Install License +SW Subscription & Support 12 Months IBM Security AppScan Enterprise Dynamic Analysis Users E06GELLfor System z Floating User Single Install AnnualSW Subscription & Support Renewal 12 Months IBM Security AppScan Enterprise Dynamic Analysis Users D07Y9LLfor System z Floating User Single InstallSW Subscription & Support Reinstatement 12 Months Fixed term licenses IBM Security AppScan Enterprise Dynamic Analysis Users D0L7KLLFloating User Single Install Initial Fixed Term License+ SW Subscription & Support 12 Months IBM Security AppScan Enterprise Dynamic Analysis Users E0CRXLLFloating User Single Install Subsequent Fixed Term License+ SW Subscription & Support 12 Months IBM Security AppScan Enterprise Dynamic Analysis Users D0L7LLLfor System Z Floating User Single Install InitialFixed Term License + SW Subscription & Support 12 Months IBM Security AppScan Enterprise Dynamic Analysis Users E0CRYLLfor System Z Floating User Single Install SubsequentFixed Term License + SW Subscription & Support 12 Months IBM Security AppScan Enterprise Dynamic Analysis Users D040HLLAuthorized User Single Install Initial Fixed Term License +SW Subscription & Support 12 Months IBM Security AppScan Enterprise Dynamic Analysis Users E04SILLAuthorized User Single Install Subsequent Fixed TermLicense + SW Subscription & Support 12 Months IBM Security AppScan Enterprise Dynamic Analysis Users D0L7JLLfor System Z Authorized User Single InstallInitial Fixed Term License +SW Subscription & Support 12 Months IBM Security AppScan Enterprise Dynamic Analysis Users E0CRWLLfor System Z Authorized User Single InstallSubsequent Fixed Term License +SW Subscription & Support 12 Months


IBM Security App Scan Enterprise (5724-T52)


IBM Security AppScan Enterprise Server Basic IBM Security AppScan Enterprise Server Basic D0L6CLLInstall License + SW Subscription & Support 12 Months IBM Security AppScan Enterprise Server Basic E0CRBLLInstall Annual SW Subscription & Support Renewal 12 Months IBM Security AppScan Enterprise Server Basic D0L6DLLInstall SW Subscription & Support Reinstatement 12 Months IBM Security AppScan Enterprise Server Basic D0L6ELLfor System Z Install License +SW Subscription & Support 12 Months IBM Security AppScan Enterprise Server Basic E0CRCLLfor System Z Install AnnualSW Subscription & Support Renewal 12 Months IBM Security AppScan Enterprise Server Basic D0L6FLLfor System Z InstallSW Subscription & Support Reinstatement 12 Months Fixed Term Licenses IBM Security AppScan Enterprise Server Basic D0L79LLInstall Initial Fixed Term License +SW Subscription & Support 12 Months IBM Security AppScan Enterprise Server Basic E0CRLLLInstall Subsequent FixedTerm License + SW Subscription & Support 12 Months IBM Security AppScan Enterprise Server Basic D0L7ALLfor System Z Install Initial Fixed Term License +SW Subscription & Support 12 Months IBM Security AppScan Enterprise Server Basic E0CRMLLfor System Z Install Subsequent Fixed Term License +SW Subscription & Support 12 Months


IBM Security App Scan Enterprise (5724-T52)IBM Security AppScan Enterprise Server IBM Security AppScan Enterprise Server D0L6GLLInstall License + SW Subscription & Support 12 Months IBM Security AppScan Enterprise Server E0CRDLLInstall Annual SW Subscription & Support Renewal 12 Months IBM Security AppScan Enterprise Server D0L6HLLInstall SW Subscription & Support Reinstatement 12 Months IBM Security AppScan Enterprise Server for System Z D0L6JLLInstall License + SW Subscription & Support 12 Months IBM Security AppScan Enterprise Server for System Z E0CRELLInstall Annual SW Subscription & Support Renewal 12 Months IBM Security AppScan Enterprise Server for System Z D0L6KLLInstall SW Subscription & Support Reinstatement 12 Months Fixed term licenses IBM Security AppScan Enterprise Server D0L7BLLInstall Initial Fixed TermLicense + SW Subscription & Support 12 Months IBM Security AppScan Enterprise Server E0CRNLLInstall Subsequent Fixed TermLicense + SW Subscription & Support 12 Months


IBM Security AppScan Enterprise Server for System Z D0L7CLLInstall Initial Fixed Term License +SW Subscription & Support 12 Months IBM Security AppScan Enterprise Server for System Z E0CRPLLInstall Subsequent Fixed Term License +SW Subscription & Support 12 Months


IBM Security AppScan Source for Automation (5724-Z34) IBM Security AppScan Source for Automation D0BQVLLInstall License + SW Subscription & Support 12 Months IBM Security AppScan Source for Automation E086LLLInstall Annual SW Subscription & Support Renewal 12 Months IBM Security AppScan Source for Automation D0BQWLLInstall SW Subscription & Support Reinstatement 12 Months IBM Security AppScan Source for Automation for System z D0CHBLLInstall License + SW Subscription & Support 12 Months IBM Security AppScan Source for Automation for System z E08K9LLInstall Annual SW Subscription & Support Renewal 12 Months IBM Security AppScan Source for Automation for System z D0CHCLLInstall SW Subscription & Support Reinstatement 12 Months Fix term licenses IBM Security AppScan Source for Automation for System z D0CHELLInstall Initial Fixed Term License +SW Subscription & Support 12 Months IBM Security AppScan Source for Automation for System z E08KBLLInstall Subsequent Fixed Term License +SW Subscription & Support 12 Months IBM Security AppScan Source for Automation D0BR8LLInstall Initial Fixed Term license +SW Subscription & Support 12 Months IBM Security AppScan Source for Automation E086ULLInstall Subsequent Fixed Term License +SW Subscription & Support 12 Months


IBM Security AppScan Source for Development (5624-Z36) IBM Security AppScan Source for Development D0BQZLLAuthorized User Single Install License +SW Subscription & Support 12 Months IBM Security AppScan Source for Development E086NLLAuthorized User Single Install AnnualSW Subscription & Support Renewal IBM Security AppScan Source for Development D0BR0LLAuthorized User Single InstallSW Subscription & Support Reinstatement 12 Months IBM Security AppScan Source for Development D0CHTLLfor System z Authorized User Single InstallLicense + SW Subscription & Support 12 Months IBM Security AppScan Source for Development E08KKLLfor System z Authorized User Single InstallAnnual SW Subscription & Support Renewal 12 Months IBM Security AppScan Source for Development D0CHULL


for System z Authorized User Single InstallSW Subscription & Support Reinstatement 12 Months IBM Security AppScan Source for Development D0BQXLLFloating User Single Install License +SW Subscription & Support 12 Months IBM Security AppScan Source for Development E086MLLFloating User Single InstallAnnual SW Subscription & Support Renewal 12 Months IBM Security AppScan Source for Development D0BQYLLFloating User Single InstallSW Subscription & Support Reinstatement 12 Months IBM Security AppScan Source for Development D0CHXLLfor System z Floating User Single InstallLicense + SW Subscription & Support 12 Months IBM Security AppScan Source for Development E08KMLLfor System z Floating User Single InstallAnnual SW Subscription & Support Renewal 12 Months IBM Security AppScan Source for Development D0CHYLLfor System z Floating User Single InstallSW Subscription & Support Reinstatement 12 Months Fixed term licenses IBM Security AppScan Source for Development D0BRALLAuthorized User Single Install Initial Fixed TermLicense + SW Subscription & Support 12 Months IBM Security AppScan Source for Development E086WLLAuthorized User Single Install Subsequent Fixed TermLicense + SW Subscription & Support 12 Months IBM Security AppScan Source for Development D0BR9LLFloating User Single Install Initial Fixed TermLicense + SW Subscription & Support 12 Months IBM Security AppScan Source for Development E086VLLFloating User Single Install Subsequent Fixed Term License+ SW Subscription & Support 12 Months IBM Security AppScan Source for Development D0CIELLfor System z Authorized User Single InstallInitial Fixed Term License +SW Subscription & Support 12 Months IBM Security AppScan Source for Development E08KWLLfor System z Authorized User Single InstallSubsequent Fixed Term License +SW Subscription & Support 12 Months IBM Security AppScan Source for Development D0CIFLLfor System z Floating User Single InstallInitial Fixed Term License +SW Subscription & Support 12 Months IBM Security AppScan Source for Development E08KXLLfor System z Floating User Single InstallSubsequent Fixed Term License +SW Subscription & Support 12 Months


IBM Security AppScan Source for Remediation (5724-Z37) IBM Security AppScan Source for Remediation D0BR3LLAuthorized User Single Install License +SW Subscription & Support 12 Months IBM Security AppScan Source for Remediation E086QLL


Authorized User Single Install AnnualSW Subscription & Support Renewal12 Months IBM Security AppScan Source for Remediation D0BR4LLAuthorized User Single InstallSW Subscription & Support Reinstatement 12 Months IBM Security AppScan Source for Remediation for System z D0CI1LLAuthorized User Single Install License +SW Subscription & Support 12 Months IBM Security AppScan Source for Remediation for System z E08KNLLAuthorized User Single Install AnnualSW Subscription & Support Renewal 12 Months IBM Security AppScan Source for Remediation for System z D0CI2LLAuthorized User Single InstallSW Subscription & Support Reinstatement 12 Months IBM Security AppScan Source for Remediation D0CI7LLFloating User Single InstallLicense + SW Subscription & Support 12 Months IBM Security AppScan Source for Remediation E08KTLLFloating User Single InstallAnnual SW Subscription & Support Renewal 12 Months IBM Security AppScan Source for Remediation D0CI8LLFloating User Single InstallSW Subscription & Support Reinstatement 12 Months IBM Security AppScan Source for Remediation for System z D0CIBLLFloating User Single InstallLicense + SW Subscription & Support 12 Months IBM Security AppScan Source for Remediation for System z E08KVLLFloating User Single InstallAnnual SW Subscription & Support Renewal 12 Months IBM Security AppScan Source for Remediation for System z D0CICLLFloating User Single InstallSW Subscription & Support Reinstatement 12 Months Fixed term licenses IBM Security AppScan Source for Remediation D0BRCLLAuthorized User Single Install Initial Fixed Term License+ SW Subscription & Support 12 Months IBM Security AppScan Source for Remediation E086YLLAuthorized User Single InstallSubsequent Fixed Term License +SW Subscription & Support 12 Months IBM Security AppScan Source for Remediation D0CIGLLFloating User Single Install InitialFixed Term License + SW Subscription & Support 12 Months IBM Security AppScan Source for Remediation E08KYLLFloating User Single InstallSubsequent Fixed Term License +SW Subscription & Support 12 Months IBM Security AppScan Source for Remediation for System z D0CI4LLAuthorized User Single InstallInitial Fixed Term License + SW Subscription & Support 12Months IBM Security AppScan Source for Remediation for System z E08KQLLAuthorized User Single InstallSubsequent Fixed Term License +SW Subscription & Support 12 Months IBM Security AppScan Source for Remediation for System z D0CIALL


Floating User Single InstallInitial Fixed Term License +SW Subscription & Support 12 Months IBM Security AppScan Source for Remediation for System z E08KULLFloating User Single InstallSubsequent Fixed Term License +SW Subscription & Support 12 Months


IBM Security AppScan Source for Analysis (5724-Z35) IBM Security AppScan Source for Analysis D0BQTLLAuthorized User Single Install License +SW Subscription & Support 12Months IBM Security AppScan Source for Analysis E086KLLAuthorized User Single Install AnnualSW Subscription & Support Renewal 12 Months IBM Security AppScan Source for Analysis D0BQULLAuthorized User Single Install SW Subscription & SupportReinstatement 12 Months IBM Security AppScan Source for Analysis D0CHKLLFloating User Single Install License +SW Subscription & Support 12 Months IBM Security AppScan Source for Analysis E08KGLLFloating User Single Install AnnualSW Subscription & Support Renewal12 Months IBM Security AppScan Source for Analysis D0CHLLLFloating User Single InstallSW Subscription & Support Reinstatement 12 Months IBM Security AppScan Source for Analysis for System z D0CHILLAuthorized User Single Install License +SW Subscription & Support 12 Months IBM Security AppScan Source for Analysis for System z E08KFLLAuthorized User Single Install AnnualSW Subscription & Support Renewal 12 Months IBM Security AppScan Source for Analysis for System z D0CHJLLAuthorized User Single InstallSW Subscription & Support Reinstatement 12 Months IBM Security AppScan Source for Analysis for System z D0CHPLLFloating User Single Install License +SW Subscription & Support 12 Months IBM Security AppScan Source for Analysis for System z E08KILLFloating User Single Install AnnualSW Subscription & Support Renewal 12 Months IBM Security AppScan Source for Analysis for System z D0CHQLLFloating User Single InstallSW Subscription & Support Reinstatement 12 Months Fixed term licenses IBM Security AppScan Source for Analysis D0BR7LLAuthorized User Single Install Initial Fixed Term License+ SW Subscription & Support 12 Months IBM Security AppScan Source for Analysis E086TLLAuthorized User Single Install Subsequent Fixed Term License+ SW Subscription & Support 12 Months IBM Security AppScan Source for Analysis D0CHHLLFloating User Single Install Initial Fixed Term License


+ SW Subscription & Support 12 Months IBM Security AppScan Source for Analysis E08KELLFloating User Single Install Subsequent Fixed Term License+ SW Subscription & Support 12 Months IBM Security AppScan Source for Analysis D0CHFLLfor System z Authorized User Single InstallInitial Fixed Term License +SW Subscription & Support 12 Months IBM Security AppScan Source for Analysis for System z E08KCLLAuthorized User Single Install SubsequentFixed Term License +SW Subscription & Support 12 Months IBM Security AppScan Source for Analysis for System z D0CHGLLFloating User Single Install Initial Fixed Term License +SW Subscription & Support 12 Months IBM Security AppScan Source for Analysis for System z E08KDLLFloating User Single Install SubsequentFixed Term License + SW Subscription & Support 12 Months

Description Part numberIBM Security AppScan Standard (5724-T59)IBM Security AppScan Standard E0D71LLAuthorized User Single Install Annual SW S&S Rnwl 12 MoIBM Security AppScan Standard D0N1KLLAuthorized User Single Install Lic + SW S&S 12 MoIBM Security AppScan Standard D0N1LLLAuthorized User Single Install SW S&S Reinstate 12 MoIBM Security AppScan Standard for System Z D0N1MLLAuthorized User Single Install License +SW Subscription & Support 12 MonthsIBM Security App Scan Standard for System Z D0N1NLLAuthorized User Single InstallSW Subscription & Support Reinstatement 12 MonthsIBM Security App Scan Standard for System Z E0D72LLAuthorized User Single Install AnnualSW Subscription & Support Renewal 12 MonthsIBM Security AppScan Standard E046DLLFloating User Single Inst Annual SW S&S Rnwl 12 MoIBM Security AppScan Standard D61SYLLFloating User Single Inst Lic + SW S&S 12 MoIBM Security AppScan Standard D61SZLLFloating User Single Inst SW S&S Reinstate 12 MoIBM Security AppScan Standard for System z E046ELLFloating User Single InstallAnnual SW S&S Renewal 12 MonthsIBM Security AppScan Standard for System z D61T0LLFloating User Single InstallLicense + SW S&S 12 MonthsIBM Security AppScan Standard Linux for System z D61T1LLFloating User Single InstallSW S&S Reinstatement 12 Months Fixed term licensesIBM Security AppScan Standard Floating User D040CLLSingle Install Initial Fixed Term License +SW Subscription & Support 12 MonthsIBM Security AppScan Standard E04SDLLFloating User Single Install Subsq FT Lic+S&S 12 MoIBM Security AppScan Standard for System Z D0NEKLLFloating User Single InstallInitial Fixed Term License +SW Subscription & Support 12 MonthsIBM Security AppScan Standard for System Z E0DBCLLFloating User Single InstallSubsequent Fixed Term License +SW Subscription & Support 12 MonthsIBM Security AppScan Standard Authorized User D0N1PLLSingle Install InitialFixed Term License + SW Subscription & Support 12 Months


IBM Security AppScan Standard Authorized User E0D73LLSingle Install SubsequentFixed Term License + SW Subscription & Support 12 MonthsIBM Security AppScan Standard for System Z D0N1QLLAuthorized User Single Install Initial Fixed Term License+ SW Subscription & Support 12 MonthsIBM Security AppScan Standard for System Z E0D74LLAuthorized User Single Install SubsequentFixed Term License + SW Subscription & Support 12 Months

Passport Advantage trade up

You must have previously acquired licenses for the following precursor products tobe eligible to acquire equivalent licenses of the trade-up products.

Trade-up product FROM Trade-upprecursor product description part number IBM Security AppScan Enterprise Server Install FROM D0L6ILLIBM Security AppScan Enterprise Server Basic Per InstallTrade-up License + SW Subscription & Support 12 Months IBM Security AppScan Enterprise Dynamic Analysis Users D0L6SLLAuthorized User Single Install FROMIBM Security AppScan Enterprise Reporting Only UserPer Floating User Single InstallTrade-up License + SW Subscription & Support 12 Months IBM Security AppScan Enterprise Dynamic Analysis Users D0L6RLLFloating User Single Install FROMIBM Security AppScan Dynamic Analysis User Per AuthorizedUser Single Install Trade-up License + SW Subscription &Support 12 Months IBM Security AppScan Enterprise Dynamic Analysis Users D0L6ZLLFloating User Single Install FROMIBM Security AppScan Enterprise Reporting Only Userper Floating User Single Install Trade-up License +SW Subscription & Support 12 Months IBM Security AppScan Enterprise Reporting Only User D0L77LLFloating User Single Install FROMIBM Security AppScan Enterprise Reporting Only UserAuthorized User Single Install Trade-up License +SW Subscription & Support 12 Months IBM Security AppScan Source for Development D0CIJLLFloating User FROMIBM Security AppScan Source for RemediationFloating User Trade-up License + SW Subscription &Support 12 Months IBM Security AppScan Source for Development D0CILLLAuthorized User FROMIBM Security AppScan Source for Remediationper Authorized User Trade-up License + SW Subscription &Support 12 Months IBM Security AppScan Source for Development D0CIKLLFloating User FROMSecurity AppScan Source Edition for DevelopmentAuthorized User Trade-up License + SW Subscription &Support 12 Months IBM Security AppScan Source for Remediation D0CI9LLFloating User FROMSecurity AppScan Source for RemediationAuthorized User Trade-up License + SW Subscription &Support 12 Months IBM Security AppScan Source for Analysis D0CHMLLFloating User Single Install FROMIBM Security AppScan Source for Analysis


Authorized User Single InstallTrade-up License + SW Subscription & Support 12 Months IBM Security AppScan Enterprise Reporting Only User D0L78LLFloating User Single Install FROMSecurity AppScan Enterprise Reporting Only Userfor System z Authorized Single InstallTrade Up License + SW Subscription & Support 12 Months IBM Security AppScan Enterprise Dynamic Analysis Users D0L6WLLfor System Z Authorized User Single Install FROMSecurity AppScan Enterprise Reporting Only User perAuthorized User Single Install Trade Up License +SW Subscription & Support 12 Months IBM Security AppScan Enterprise Dynamic Analysis Users D0L6VLLfor System Z Floating User Single Install FROMSecurity AppScan Enterprise Dynamic Analysis UserAuthorized User Single Install Trade Up License +SW Subscription & Support 12 Months IBM Security AppScan Enterprise Dynamic Analysis Users D0L72LLfor System Z Floating User Single Install FROMSecurity AppScan Enterprise Reporting Only UserFloating User Single Install Trade Up License +SW Subscription & Support 12 Months IBM Security AppScan Enterprise Server D0L6LLLfor System Z Install FROMSecurity AppScan Enterprise Server BasicPer Install Trade Up License +SW Subscription & Support 12 Months IBM Security AppScan Source for Development D0CHVLLfor System z Authorized User Single Install FROMSecurity AppScan Source for RemediationPer Authorized User Single Install Trade Up License +SW Subscription & Support 12 Months IBM Security AppScan Source for Development D0CI0LLfor System z Floating User Single Install FROMSecurity AppScan Source for Remediationper Floating User Single Install Trade Up License +SW Subscription & Support 12 Months IBM Security AppScan Source for Development D0CHZLLfor System z Floating User Single Install FROMSecurity AppScan Source for DevelopmentAuthorized User Single Install Trade Up License +SW Subscription & Support 12 Months IBM Security AppScan Source for Remediation D0CIDLLfor System z Floating User Single Install FROMSecurity AppScan Source for RemediationAuthorized User Single Install Trade Up License +SW Subscription & Support 12 Months IBM Security AppScan Source for Analysis for System z D0CHRLLFloating User Single Install FROMSecurity AppScan Source for AnalysisAuthorized User Single Install Trade Up License +SW Subscription & Support 12 Months IBM Security AppScan Standard D053YLLFloating User Single Install FROMIBM Security AppScan Standard Auth User Single InstallTrade-up License + SW Subscription & Support 12 Months IBM Security AppScan Standard for System Z D053XLLFloating User Single Install FROMIBM Security AppScan Standard Auth User Single InstallTrade-up License + SW Subscription & Support 12 Months


Consult your IBM representative if you have any questions.

Passport Advantage customer: Media pack entitlement details

Customers with active maintenance or subscription for the products listed areentitled to receive the corresponding media pack.


IBM Security AppScan Source for Development BT012ML and Remediation V8.8 Multilingual, DVD Media PackIBM Security AppScan Source for Analysis V8.8 BT011ML Multilingual, DVD Media PackIBM Security AppScan Source for Automation V8.8 BT010ML Multilingual, DVD Media PackIBM Security AppScan Enterprise Server V8.8 ML BT0KCML Multilingual, DVD Media PackIBM Security AppScan Standard V8.8 BJ13VML Multilingual, DVD Media PackIBM Security AppScan Enterprise BT0KDML Dynamic Analysis Scanner V8.8 Multilingual, DVD Media Pack

Charge metric

PIDProgram name number Charge metric IBM Security AppScan 5724-T52 Authorized User Single Install Enterprise V8.8 Floating User Single Install Dynamic Analysis Users IBM Security AppScan 5724-T52 Install Enterprise V8.8 Dynamic Analysis Scanner IBM Security AppScan Source 5724-Z34 Install for Automation V8.8 IBM Security AppScan Source 5724-Z35 Authorized User Single Install for Analysis V8.8 Floating User Single Install IBM Security AppScan Source 5724-Z36 Authorized User Single Install for Development V8.8 Floating User Single Install IBM Security AppScan Source 5724-Z37 Authorized User Single Install for Remediation V8.8 Floating User Single Install IBM Security AppScan 5724-T59 Authorized User Single Install Standard V8.8 Floating User Single Install

Authorized User

Authorized User is a unit of measure by which the program can be licensed. AnAuthorized User is a unique person who is given access to the program. Theprogram may be installed on any number of computers or servers and eachAuthorized User may have simultaneous access to any number of instances ofthe program at one time. Licensee must obtain separate, dedicated entitlementsfor each Authorized User given access to the program in any manner directly orindirectly (for example, via a multiplexing program, device, or application server)through any means. An entitlement for an Authorized User is unique to thatAuthorized User and may not be shared, nor may it be reassigned other than for thepermanent transfer of the Authorized User entitlement to another person.

Note: Some programs may be licensed where devices are considered users. In thatcase, the following applies. Any computing device that requests the execution ofor receives for execution a set of commands, procedures, or applications from theprogram or that is otherwise managed by the program is considered a separate userof the program and requires an entitlement as if that device were a person.


Floating User

Floating User is a unit of measure by which the program can be licensed. A FloatingUser is a person who is accessing the program at any particular point in time.An install is an installed copy of the program on a physical or virtual disk madeavailable to be executed on a computer. The program may be installed on anynumber of computers or servers, but if the Floating User simultaneously accessesmore than one install of the program, the Floating User requires a separateentitlements for each such install. Licensee must obtain separate entitlements foreach Floating User simultaneously accessing the program on each install in anymanner directly or indirectly (for example, via a multiplexing program, device, orapplication server) through any means.

Note: Some programs may be licensed where devices are considered users. In thatcase, the following applies. Any computing device that requests the execution ofor receives for execution a set of commands, procedures, or applications from theprogram or that is otherwise managed by the program is considered a separate userof the program and requires an entitlement as if that device were a person.

Terms and conditions

The information provided in this announcement letter is for reference andconvenience purposes only. The terms and conditions that govern any transactionwith IBM are contained in the applicable contract documents such as the IBMInternational Program License Agreement, IBM International Passport AdvantageAgreement, and the IBM Agreement for Acquisition of Software Maintenance.

This product is only available via Passport Advantage . It is not available asshrinkwrap.

Licensing

IBM International Program License Agreement including the License Informationdocument and Proof of Entitlement (PoE) govern your use of the program. PoEsare required for all authorized use. Part number products only, offered outside ofPassport Advantage , where applicable, are license only and do not include SoftwareMaintenance.

This software license includes Software Subscription and Support (also referred to asSoftware Maintenance).

These programs are licensed under the IBM Program License Agreement (IPLA)and the associated Agreement for Acquisition of Software Maintenance, whichprovide for support with ongoing access to releases and versions of the program.IBM includes one year of Software Subscription and Support (also referred toas Software Maintenance) with the initial license acquisition of each programacquired. The initial period of Software Subscription and Support (also referred toas Software Maintenance) can be extended by the purchase of a renewal option, ifavailable. These programs have a one-time license charge for use of the programand an annual renewable charge for the enhanced support that includes telephoneassistance (voice support for defects during normal business hours), as well asaccess to updates, releases, and versions of the program as long as support is ineffect.

License Information form number

• IBM Security AppScan Enterprise (5724-T52): L-KKHS-978KDU, L-KKHS-978KX5

• IBM Security AppScan Source for Automation (5724-Z34): L-NLII-98MR5U

• IBM Security AppScan Source for Development (5724-Z36): L-NLII-98MR5U

• IBM Security AppScan Source for Remediation (5724-Z37): L-NLII-98MR5U

• IBM Security AppScan Source for Analysis (5724-Z35): L-NLII-98MR5U


• IBM Security AppScan Standard (5724-T59): L-KKHS-978KC9

The program's License Information will be available for review on the IBM SoftwareLicense Agreement website

http://www.ibm.com/software/sla/sladb.nsf

Limited warranty applies

Yes

Limited warranty

IBM warrants that when the program is used in the specified operating environment,it will conform to its specifications. The warranty applies only to the unmodifiedportion of the program. IBM does not warrant uninterrupted or error-free operationof the program or that IBM will correct all program defects. You are responsible forthe results obtained from the use of the program.

IBM provides you with access to IBM databases containing information on knownprogram defects, defect corrections, restrictions, and bypasses at no additionalcharge. For further information, consult the IBM Software Support Handbook foundat

http://www.ibm.com/support/handbook

IBM will maintain this information for at least one year after the original licenseeacquires the program (warranty period).

Program technical support

This technical support allows you to obtain assistance (via telephone or electronicmeans) from IBM for product-specific, task-oriented questions regarding theinstallation and operation of the program product. Software Subscription andSupport (Software Maintenance) also provides you with access to updates(modifications or fixes), releases, and versions of the program. You will be notified,via announcement letter, of discontinuance of support with 12 months' notice. If yourequire additional technical support from IBM , including an extension of supportbeyond the discontinuance date, contact your IBM representative or IBM BusinessPartner. This extension may be available for a fee.

Money-back guarantee

If for any reason you are dissatisfied with the program and you are the originallicensee, you may obtain a refund of the amount you paid for it, if within 30 days ofyour invoice date you return the program and its PoE to the party from whom youobtained it. If you downloaded the program, you may contact the party from whomyou acquired it for instructions on how to obtain the refund.

For clarification, note that (1) for programs acquired under the IBM InternationalPassport Advantage offering, this term applies only to your first acquisition of theprogram and (2) for programs acquired under any of IBM's On/Off Capacity onDemand (On/Off CoD) software offerings, this term does not apply since theseofferings apply to programs already acquired and in use by you.

Other terms

Volume orders (IVO)

No




IBM International Passport Advantage Agreement

Passport Advantage applies

Yes, and through the Passport Advantage website at


Usage restriction

Yes. For information, refer to the License Information document that is available onthe IBM Software License Agreement website


Software Subscription and Support applies

Yes. Software Subscription and Support (also referred to as Software Maintenance)is included with licenses purchased through Passport Advantage and PassportAdvantage Express® . Product upgrades and Technical Support are provided bythe Software Subscription and Support offering as described in the Agreements.Product upgrades provide the latest versions and releases to entitled software andTechnical Support provides voice and electronic access to IBM support organizations,worldwide.

IBM includes one year of Software Subscription and Support with each programlicense acquired. The initial period of Software Subscription and Support can beextended by the purchase of a renewal option, if available.

While your Software Subscription and Support is in effect, IBM provides youassistance for your routine, short duration installation and usage (how-to) questions,and code-related questions. IBM provides assistance via telephone and, if available,electronic access, only to your information systems (IS) technical support personnelduring the normal business hours (published prime shift hours) of your IBM supportcenter. (This assistance is not available to your end users.) IBM provides Severity 1assistance 24 hours a day, 7 days a week. For additional details, consult your IBMSoftware Support Handbook at


Software Subscription and Support does not include assistance for the design anddevelopment of applications, your use of programs in other than their specifiedoperating environment, or failures caused by products for which IBM is notresponsible under the applicable agreements.

For additional information about the International Passport Advantage Agreementand the IBM International Passport Advantage Express Agreement, visit the PassportAdvantage website at


System i® Software Maintenance applies

No

Variable charges apply

No

Educational allowance available

Not applicable.






Statement of good security practices

IT system security involves protecting systems and information through prevention,detection, and response to improper access from within and outside yourenterprise. Improper access can result in information being altered destroyed ormisappropriated or can result in misuse of your systems to attack others. Without acomprehensive approach to security, no IT system or product should be consideredcompletely secure and no single product or security measure can be completelyeffective in preventing improper access. IBM systems and products are designedto be part of a comprehensive security approach, which will necessarily involveadditional operational procedures, and may require other systems, products, orservices to be most effective. IBM does not warrant that systems and products areimmune from the malicious or illegal conduct of any party.

IBM Electronic Services

Electronic Service AgentTM and the IBM Electronic Support web portal are dedicatedto providing fast, exceptional support to IBM Systems customers. The IBM ElectronicService Agent tool is a no-additional-charge tool that proactively monitors andreports hardware events, such as system errors, performance issues, and inventory.The Electronic Service Agent tool can help you stay focused on your company'sstrategic business initiatives, save time, and spend less effort managing day-to-dayIT maintenance issues. Servers enabled with this tool can be monitored remotelyaround the clock by IBM Support all at no additional cost to you.

Now integrated into the base operating system of AIX V5.3, AIX V6.1, and AIXV7.1, Electronic Service Agent is designed to automatically and electronicallyreport system failures and utilization issues to IBM , which can result in fasterproblem resolution and increased availability. System configuration and inventoryinformation collected by the Electronic Service Agent tool also can be viewed on thesecure Electronic Support web portal, and used to improve problem determinationand resolution by you and the IBM support team. To access the tool main menu,simply type smitty esa_main, and select Configure Electronic Service Agent . Inaddition, ESA now includes a powerful Web user interface, giving the administratoreasy access to status, tool settings, problem information, and filters. For moreinformation and documentation on how to configure and use Electronic ServiceAgent , refer to

http://www.ibm.com/support/electronic

The IBM Electronic Support portal is a single Internet entry point that replaces themultiple entry points traditionally used to access IBM Internet services and support.This portal enables you to gain easier access to IBM resources for assistance inresolving technical problems. The My Systems and Premium Search functions makeit even easier for Electronic Service Agent tool-enabled customers to track systeminventory and find pertinent fixes.

Benefits

Increased uptime: The Electronic Service Agent tool is designed to enhance theWarranty or Maintenance Agreement by providing faster hardware error reportingand uploading system information to IBM Support. This can translate to less wastedtime monitoring the symptoms, diagnosing the error, and manually calling IBMSupport to open a problem record. Its 24 x 7 monitoring and reporting mean nomore dependence on human intervention or off-hours customer personnel whenerrors are encountered in the middle of the night.

Security: The Electronic Service Agent tool is designed to be secure in monitoring,reporting, and storing the data at IBM . The Electronic Service Agent tool securelytransmits either via the Internet (HTTPS or VPN) or modem, and can be configuredto communicate securely through gateways to provide customers a single point of



exit from their site. Communication is one way. Activating Electronic Service Agentdoes not enable IBM to call into a customer's system. System inventory informationis stored in a secure database, which is protected behind IBM firewalls. It is viewableonly by the customer and IBM . The customer's business applications or businessdata is never transmitted to IBM .

More accurate reporting: Since system information and error logs areautomatically uploaded to the IBM Support center in conjunction with the servicerequest, customers are not required to find and send system information, decreasingthe risk of misreported or misdiagnosed errors. Once inside IBM , problem error datais run through a data knowledge management system and knowledge articles areappended to the problem record.

Customized support: Using the IBM ID entered during activation, customerscan view system and support information in the My Systems and Premium Searchsections of the Electronic Support website at


My Systems provides valuable reports of installed hardware and software usinginformation collected from the systems by Electronic Service Agent . Reportsare available for any system associated with the customer's IBM ID. PremiumSearch combines the function of search and the value of Electronic Service Agentinformation, providing advanced search of the technical support knowledgebase.Using Premium Search and the Electronic Service Agent information that has beencollected from your system, customers are able to see search results that applyspecifically to their systems.

For more information on how to utilize the power of IBM Electronic Services, contactyour IBM Systems Services Representative, or visit


Prices

Business Partner information

If you are an IBM Business Partner -- Distributor for Workstation Software acquiringproducts from IBM , you may link to Passport Advantage Online for resellers whereyou can obtain Business Partner pricing information. An IBM ID and password arerequired.

https://www.ibm.com/software/howtobuy/passportadvantage/paoreseller

Passport Advantage

For Passport Advantage information and charges, contact your IBM representativeor authorized IBM Business Partner for Software Value Plus. Additional information isalso available at


IBM Global Financing

IBM Global Financing offers competitive financing to credit-qualified customers toassist them in acquiring IT solutions. Offerings include financing for IT acquisition,including hardware, software, and services, from both IBM and other manufacturersor vendors. Offerings (for all customer segments: small, medium, and largeenterprise), rates, terms, and availability can vary by country. Contact your localIBM Global Financing organization or visit

http://www.ibm.com/financing

IBM Global Financing offerings are provided through IBM Credit LLC in the UnitedStates, and other IBM subsidiaries and divisions worldwide to qualified commercial



https://www.ibm.com/software/howtobuy/passportadvantage/paoreseller




and government customers. Rates are based on a customer's credit rating, financingterms, offering type, equipment type, and options, and may vary by country. Otherrestrictions may apply. Rates and offerings are subject to change, extension, orwithdrawal without notice.

Financing from IBM Global Financing helps you preserve cash and credit lines,enables more technology acquisition within current budget limits, permitsaccelerated implementation of economically attractive new technologies, offerspayment and term flexibility, and can help match project costs to projected benefits.Financing is available worldwide for credit-qualified customers.

For more financing information, visit


Order now

To order, contact the Americas Call Centers or your local IBM representative, or yourIBM Business Partner.

To identify your local IBM representative or IBM Business Partner, call 800-IBM-4YOU(426-4968).

Phone: 800-IBM-CALL (426-2255)Fax: 800-2IBM-FAX (242-6329)For IBM representative: [email protected] IBM Business Partner: [email protected]: IBM Teleweb Customer Support ibm.com® Sales Execution Center, Americas North 3500 Steeles Ave. East, Tower 3/4 Markham, Ontario Canada L3R 2Z1

Reference: YE001

The Americas Call Centers, our national direct marketing organization, can add yourname to the mailing list for catalogs of IBM products.

Note: Shipments will begin after the planned availability date.

IBM Software Value Plus

These products are available under IBM Software Value Plus, either directly fromIBM or through authorized Business Partners who invest in skills and high-valuesolutions. IBM customers may benefit from the industry-specific or horizontalsolutions, skills, and expertise provided by these Business Partners.

Additions to Software Value Plus will be communicated through standard productannouncements. For a current list of IBM software available under Software ValuePlus, visit

http://www.ibm.com/partnerworld/page/svp_authorized_portfolio_criteria

For questions regarding Software Value Plus, visit

http://www.ibm.com/partnerworld/page/svp_authorized_portfolio_contacts

Trademarks

Jazz, Rational Team Concert, SiteProtector and Electronic Service Agent aretrademarks of IBM Corporation in the United States, other countries, or both.

IBM, AppScan, Rational, QRadar, Passport Advantage, WebSphere, ClearQuest,AIX, System z, Express, System i and ibm.com are registered trademarks of IBMCorporation in the United States, other countries, or both.


http://www.ibm.com/partnerworld/page/svp_authorized_portfolio_criteria

http://www.ibm.com/partnerworld/page/svp_authorized_portfolio_contacts


Microsoft and Windows are trademarks of Microsoft Corporation in the United States,other countries, or both.

Linux is a registered trademark of Linus Torvalds in the United States, othercountries, or both.

Adobe is a trademark of Adobe Systems Incorporated in the United States, and/orother countries.

UNIX is a registered trademark of The Open Group in the United States and othercountries.

Other company, product, and service names may be trademarks or service marks ofothers.

Terms of use

IBM products and services which are announced and available in your countrycan be ordered under the applicable standard agreements, terms, conditions,and prices in effect at the time. IBM reserves the right to modify or withdraw thisannouncement at any time without notice. This announcement is provided for yourinformation only. Additional terms of use are located at

http://www.ibm.com/legal/us/en/

For the most current information regarding IBM products, consult your IBMrepresentative or reseller, or visit the IBM worldwide contacts page

http://www.ibm.com/planetwide/us/

http://www.ibm.com/legal/us/en/

http://www.ibm.com/planetwide/us/

ibm security appscan v8.8 portfolio supports collaborative and

Documents