Fortify Software


Fortify Software Enables Customer to Grow Government Business

Customer Business Profile

A pioneer and a proven leader in the embedded-systems industry.

Software Security Initiatives

This leader in the embedded-systems market, which holds key government contracts for mission-critical defense applications, needed to enhance its secure development lifecycle (SDLC). As a trusted provider of a reliable, secure, high-performance software platform that is critically important to the success of defense systems, the company was motivated to further harden its platform and tools. This required a software security solution capable of performing to a high specification while also providing overall software security management. A reliable, repeatable process for understanding and managing software security risk meant retaining and attracting military and aerospace contracts.

Characterized by extreme complexity and performance, embedded systems present formidable security challenges. Unlike many online systems, which are built on industry-standard J2EE-compliant application servers that the Fortify Core and Extended rule sets fully cover, an embedded application has a unique myriad of ways in which tainted data can flow in and out. Such vulnerabilities are not always published. In some cases they are "Top Secret" due to the sensitive nature of the end-user applications. Security by obscurity is not in itself a solution, so custom rules must be written. Once these rules are in place, developers are free to code with the assurance that they have a repeatable test mechanism.

  • Key Challenges

    • Demanding government customer required secure SDLC
    • Understand security status of a large code base – up to 10M LOC
    • Baseline the code
    • Source code analysis for C code in embedded software

Why they chose Fortify for secure software

Fortify Software was able to rise to the challenge. As an organization that is focused on software security and has the creation of high-performance software in its DNA, Fortify offered several clear advantages over the competition.

Unlike other security vendors that focus on code quality, metrics or process, Fortify Software provides solutions that allow you to implement a secure development lifecycle. The ability to find, manage and report on vulnerabilities as part of an overall secure development lifecycle enables our clients to comply with regulatory requirements and meet the SDLC requirements of government customers.

  • Fortify Benefits

    The customer realized that the Fortify Software security solutions offer a number of unique analysis, management and remediation capabilities, including:

    • Data flow analysis
    • Analysis techniques
    • UI presentation
    • Reporting ability – metrics, track over time, integrate with other reporting – exportable info
    • Custom rule generation to handle unique application
    • Extensive technical support
    • Ability to handle large code base

Fortify Software was able to work with this customer to create the security-specific documentation necessary for complying with the rigorous standards the US Military demands.

A Better Experience

This customer has improved its secure software development lifecycle capability in a short period of time, allowing the company to retain and attract military and aerospace contracts. This has strengthened the customer's differentiation in the market, as well as hardened its mission-critical software.
