View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
April 4, 2004

Fortify enters code security market

Fortify Software Inc will come out of stealth mode today with the first products in its line of application vulnerability scanning software. Four products will be released, with at least one more planned for a few months from now.

By CBR Staff Writer

The Fortify Developer Toolkit and Source Code Analysis Server can be used by developers to scan their code for potential vulnerabilities before deployment. A Software Security Manager piece can be used by project managers to oversee the process.

The software works by parsing through source code looking for things like unchecked buffers or unchecked data types in input fields. The software has a list of about 540 rules it checks against, each a variation of one of a dozen vulnerability types.

In addition to the source code analysis software, Fortify will also release a runtime vulnerability analysis tool, which can be used to conduct penetration testing against applications that have already been compiled.

PayPal Inc, the payments-processing subsidiary of eBay Inc, is Fortify’s first named customer, said Mike Armistead, founder of the Menlo Park, California-based firm. Competitors include Sanctum Inc and SPI Dynamics Inc.

Armistead said the differentiator here is that Fortify scans source code looking for problems, whereas the competition acts like a hacker, throwing bad data at a functional application, hoping to break something and be able to execute malicious code.

The company may need the differentiator, as it has some catching up to do in terms of distribution. Its rivals already have partnerships in place with IDE and QA tools vendors, making it easier to put product in developers’ hands.

Sanctum, for example, has referral sales deals with Microsoft, Borland, IBM and others. Its AppScan software can integrate with their IDEs. SPI Dynamics says it has partnerships with IBM and Mercury Interactive.

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

It will eventually be important for us to do that, in the event that the market is commoditized like that, but it’s not necessary out of the gate, said Armistead. Not everyone uses IDEs.

This article is based on material originally published by ComputerWire

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.