Fortify Software launches SAAS product to govern & check for flaws in software

Fortify Software Delivers Governance to Software Security and Brings Security Assurance to Third Party Software

New technologies provide first platform for software security governance, provide hosted solution to assure the security of outsourced or commercial software

London , April 6, 2009Fortify® Software, the market leader in Software Security Assurance (SSA) solutions, announced today the latest release of its cornerstone software security suite, Fortify 360, as well as its first-ever hosted software security solution, Fortify Vendor Security Management.

Fortify 360 is the market leading suite of solutions to contain, remove and prevent vulnerabilities in software applications. The latest release, Fortify 360 Version 2.0, now includes governance capabilities allowing enterprises to fully manage their organization-wide Software Security Assurance effort. Fortify Vendor Security Management provides enterprises with Fortify’s award-winning analysis technologies through a software-as-a-service offering, enabling companies to inspect the security of applications when source code is not available from commercial software vendors.

“One of the biggest challenges to implementing a Software Security Assurance program today is management,” said Roger Thornton, co-founder and CTO of Fortify Software. “Today’s environment requires security professionals to work with development, legal and executive teams, making the process of securing applications complex. Automation is the only way to ensure the efficiency of any software initiative-which requires an ability to give full visibility across all software assurance activities.

The addition of a Web-based SSA Governance module in Fortify 360 allows enterprises to:

  • Create and manage a detailed application inventory of all enterprise software, and assign risk profiles to all applications, such as those that are Web-facing, outsourced or built in-house
  • Automatically generate appropriate security policies tailored to each risk profile and apply them consistently
  • Communicate and track processes via a centralized system accessible to developers and security teams
“Securing an enterprise’s portfolio of software requires governance across all categories of applications, including in-house, third-party, outsourced, and open source, “said Jim Routh, chief information security officer of the Depository Trust & Clearing Corporation (DTCC). “You need to evaluate each application, developing a risk based inventory as well as defining and consistently applying security activities for each supply chain component. Fortify’s Governance Module will automate this process and provide visibility into the progress and status of software security across the organization's supply chain.”

At the same time, businesses today also face the challenge of securing software purchased from commercial vendors. “For most organizations, third-party software represents a majority of their deployed applications, but often they have little visibility into the security of that software aside from constant, disruptive patches,” continued Thornton. “Businesses today need to throw off that reactive mode of vendor management and adopt a preventative security approach that analyzes third-party software for vulnerabilities during the procurement or upgrade process and demand that significant problems be addressed prior to acceptance.”

“Virtually every organization today is built and operated on software,” said Barmak Meftah, Sr. Vice President of Products & Technology at Fortify Software. “Implementing software security assurance is imperative to mitigating the business risk associated with vulnerable applications, whether built in-house, outsourced, or acquired from commercial vendors. Fortify’s solutions help customers deal with the immediate challenge of removing vulnerabilities from their existing applications as well as the systemic challenge of producing and acquiring secure software.”

Fortify Vendor Security Management is Fortify’s first Software-as-a-Service solution. It enables security teams to assess and verify the security of third-party software while allowing the vendor to stay in control of the process. Software vendors can upload their binaries, have a scan conducted, address any issues, and publish a report summarizing the security of their application back to the security team.

“Enterprises today face intense pressure to implement application security from compliance mandates, customers and, obviously, the increasing threat of cybercriminals and hackers,” said Gartner analyst Joseph Feiman, VP and Gartner Fellow. “An effective program of software security governance enables enterprises to meet these challenges and make security part of the corporate DNA.”

The SSA Governance module is included in the latest version of Fortify 360 Version 2.0, and is available immediately. Companies interested in a free trial can sign up here:
www.fortify.com/products/fortify-360/governance.jsp.

Fortify Vendor Security Management will be available as a beta on April 20. Companies interested in beta testing can register here: www.fortify.com/products/ondemand/vsm/

Fortify will host a webinar detailing this product release on April 14th at 11 AM PST. To sign up, register here: https://www1.gotomeeting.com/register/240601500

Fortify®'s Software Security Assurance products and services protect companies from the threats posed by security flaws in business-critical software applications. Its software security suite—Fortify 360—drives down costs and security risks by automating key processes of developing and deploying secure applications. Fortify Software's customers include government agencies and FORTUNE 500 companies in a wide variety of industries, such as financial services, healthcare, e–commerce, telecommunications, publishing, insurance, systems integration and information management. The company is backed by world–class teams of software security experts and partners. More information is available at www.fortify.com or visit our blog at blog.fortify.com.

Yvonne Eskenzi, Eskenzi PR
<>