April 6, 2009

Fortify turns on on-demand security assurance service

System checks vulnerability of third-party code

By CBR Staff Writer

Application security specialist Fortify Software has come out with a system that automates software assurance governance and will help check for code flaws in business applications sourced from ISVs and outsourcers.

“Today’s environment forces security professionals to work with development, legal and executive teams, making the process of securing applications complex,” the company said in introducing an upgraded version of a product known as Fortify 360.

Barmak Meftah, senior VP for Fortify, said of Fortify 360, “It provides the software security and risk management teams with everything they should need to express, automate, manage and enforce their security policy.”

The company's line is that automation is the only way to ensure the efficiency and success of any security initiative and to prevent cyber-criminals from hacking in at the business application level.

He told us, “It also addresses the difficulties organisations face in understanding the impact on the security policy of applications used internally like a commercial, off-the-shelf software package from an ISV, or those that are supplied by a service provider or systems integrator.”

The product is an integrated dynamic and static analysis system designed to contain, if not remove and prevent, vulnerabilities in business applications.

Meftah explained the latest enhancements had been developed after plenty of feedback from chief security officers at some of its 500-odd accounts.


The latest version comes with application risk templates that help improve governance by allowing security teams to systematically achieve visibility across all vulnerable software, and so optimise their software security assurance operations. 

The addition of a web-based SSA Governance module to Fortify 360 allows enterprises to create a detailed application inventory of all enterprise software, assign risk profiles to all applications and then generate appropriate security policies tailored to each risk profile. 

Meftah said a new on-demand audit, triage and fix service, known as Fortify Vendor Security Management, will also become available today.

An ISV can choose to upload a binary of any commercial software to the on-demand system so that Fortify can assess the code with static and dynamic analysis, remediate any issues and report the health-check findings back to the software provider or prospective customer.

Third-party vendors are not security experts, Fortify said. Software distributed by major ISVs produced 5,500 known vulnerabilities in 2008, the company has estimated. 

“Application security can no longer be overlooked in procurement. Contracts should always specify that security assurance will be provided as a condition for accepting applications,” the company said.


