Fortify Software In The News
The Wall Street Journal, Business Week, USA Today, C/Net, Forbes, InfoWorld, SD Times, Application Development Trends and others agree that Fortify Software is making news with our application security software products and software security services. Read the latest stories in our news archive below.

- Security Pros Say Apps Are Vulnerable -- And Constantly Attacked
- If you worry that your organization's applications are vulnerable to attack, then you're not alone, according to study results released yesterday. In a survey at the RSA Conference March 2010 in San Francisco, researchers from security vendor Fortify found that most security pros are stressed about potential attacks on their apps.

- Fortify Searches For Security Bugs, May Find IPO
- CEO John Jack says Fortify has grown 40% year-over-year since it was created and much of that growth runs parallel to the steady growth in data breach numbers. "There's nothing that's a bigger catalyst for us as a company than the rising number of data breaches," he says.

- Fortify Advances Vulnerability Testing with HP
- Fortify's Product Manager, Russ Spitler, is quoted in the announcement for Hybrid Security Analysis 2.0, developed jointly by Fortify Software and Hewlett-Packard. Hybrid 2.0 brings together static and dynamic application vulnerability testing of source code under a common framework and will, for the first time, allow developers to see in real time how an attack is exploiting vulnerabilities in their applications.

- National cybersecurity coordinator choice widely applauded
- The appointment of Howard Schmidt, current member of the Board of Directors at Fortify Software, is a good choice for national cybersecurity coordinator, according to many in the public sector and the information technology industry. Roger Thornton, CTO at Fortify Software, explains: "You need someone with enough government experience to be trusted, but enough industry experience to understand the problems."

- No More Excuses for Insecure Software
- Barmak Meftah, senior vice president of products and technology for Fortify Software, discusses how the advent of on-demand software assessment tools means that no software should be deployed without first being assessed for known security issues.

- Fortify introduces SaaS edition of its application vulnerability technology
- Fortify has rolled out a software-as-a-service (SaaS) version of its application vulnerability technology, Fortify 360, which, according to Barmak Meftah, Fortify's SVP of Products and Technology, will allow companies using custom-developed or third-party-sourced programme code to verify, usually within a matter of hours, that their software is secure.

- Windows 7 - cracked copies now coming to a pirate vendor near you
- In this article about the availability of "cracked" copies of Windows 7, EMEA Managing Director for Fortify Software, Richard Kirk, explains that with such large code bases it is extremely difficult to ensure security. "The only real solution to the problem is for software vendors to exhaustively test and retest the security of the code from the earliest stages in the software's development stages."

- Securing The Cyber Supply Chain
- In this in-depth discussion about cybersecurity and Software Security Assurance, Brian Chess, chief scientist at Fortify, offers a practical, three-step process to build security into the cyber supply chain.

- The Four Myths of Cyber Security
- Richard Kirk, Managing Director of Fortify UK, explains that it is time to dispel the myths that a company's software is one of the largest exposures to risk that a business faces today. If it is designed and built correctly, software could end up being one of the most effective countermeasures against most of the common attacks employed by hackers.

- Finally — A Solid Measurement of the Scale and Scope of Cyber Attacks
- Fortify's co-founder and CTO, Roger Thornton is quoted in this revealing article that discusses a milestone survey and new report that defines the degree to which the Web is infested with malicious code. The SANS Institute's report on Top Cyber Risks is by far the most comprehensive accounting of ongoing cyber attacks ever made public. The report distilled attack data from 6,000 companies and government agencies and found that the majority of incidents attack home and workplace computers, enlist them into bot networks, and then use them to carry out criminal activities.

- Aides defend presidential powers in cybersecurity bill
- The Rockefeller-Snowe proposed legislation raised federal and industry questions this week concerning the language defining the power that the President would have over networks in an emergency. Roger Thornton, CTO of Fortify Software, who has seen the second draft of the bill, said that although the idea of emergency government powers over computer networks sounds a little unsettling, he doesn't think it's alarming given the intent and exceptional conditions that would trigger such a reaction.

- Invasion of the botnets: Cyberattacks on the rise
- In this article, Fortify’s CTO, Roger Thornton, discusses how cyber attacks are becoming more professional – often leaving the most serious of attacks difficult to detect until the damage has been done.

- White House struggles to fill cyber czar post
- The White House is still struggling to name a cyber coordinator. According to Roger Thornton, CTO for Fortify Software, “every day we don't have someone at the helm of this problem, we're exposed more than we should be. This is a testament to how new and difficult this all is.” The nation's cyber security vulnerabilities have been exposed recently by a number of high-profile assaults, including breaches of a fighter jet program and the electrical grid.

- Attention shoppers, federal virtual storefront is coming
- Federal Chief Information Officer Vivek Kundra wants to set up a virtual storefront where agencies can quickly purchase cloud-computing services. Roger Thornton, CTO of Fortify Software, says that the federal government's software procurement process was originally designed to handle large, complex systems and is still stacked in favor of companies that do business that way.

- Experts predict more mobile Trojan slip-ups on the way
- With the Symbian Foundation admitting that it needs better safeguards to prevent malicious apps from finding their way onto mobiles, Fortify Software predicts this problem is going to get worse for mobile phone manufacturers and their operating system developers.

- North Korea: Culprit in DDoS Attacks?
- A botnet of some 50,000 hijacked computers has been hitting U.S. government websites and causing additional trouble among private-sector organizations in the U.S. and South Korea. For Fortify Co-Founder and Chief Scientist Brian Chess, the signs that this is a North Korean action are almost unmistakable.

- Google's OS Security Claims Called 'idiotic'
- Google, while announcing its new Chrome operating system, said users would no longer have to worry about viruses, malware and security updates, but security experts disagreed on whether Google can deliver on those promises. Brian Chess, Co-Founder and Chief Scientist at Fortify Software, said he's optimistic that Google seems to be making security a priority as it develops the Chrome OS.

- Better Testing May Have Prevented Parcelforce Data Breach
- A BBC investigation revealed that when some customers entered a parcel tracking code, they were able to access tracking information for other customers' packages. Fortify's European Director believes that the issue may have been caused by some scripts on some of the site's main landing pages.

- HP Integrates Fortify Software Into Security Centre
- The recent partnership between HP and Fortify will provide HP Application Security Centre enterprise users with better visibility into their software's security. This effort speaks to the need to integrate application security into the process of software development as opposed to reacting to security concerns after the fact.

- HP and Fortify Team Up On Application Lifecycle Security
- It has been recently announced that HP will integrate Fortify's Static Application Security Testing (SAST) solutions into HP's Application Security Center and Quality Center. This partnership offers HP customers a real-time view of application security scanning efforts enterprise-wide.

- 75% of IT Professionals Believe Their Organization's Software is Vulnerable
- In a recent survey conducted by Fortify Software, 75% of 300 IT security professionals claimed that they believe their software applications are susceptible to hackers. The revealing metrics gathered by this survey show both the lack of prioritization of software security during development and the unquestionable need to adhere to more secure coding practices and audits.

- Security Concerns Arise Amongst Dash to Digitize Medical Records
- Former White House cybersecurity czar Howard Schmidt speaks out about his growing security concerns around the rapid adoption of digitized medical records. He warns the development community that security cannot be an afterthought and should not take a backseat to functionality.

- End of XP Support Pushes Need For Better Code Audits
- Fortify's Senior VP of Products and Technologies, Barmak Meftah, touches upon the increased need to proactively secure Windows XP applications now that Microsoft's mainstream support for the operating system is discontinued. The absence of XP support introduces additional risk to the security of applications being developed on this platform.

- Poor Software Code Review May Be Cause For Security Lapse
- A recent online incident reportedly allowed an Aspire Visa card user online access to around 120 other cardholders' statements. Richard Kirk, Fortify's European Director, points the finger at inadequate code auditing, which would have mitigated the risk of this software coding oversight being exposed to unsuspecting online customers.

- Infosec 2009: Common Themes in an Evolving Security Market
- Dan Raywood of SC Magazine UK provides a recap of this year's Infosecurity Europe Exhibition, which saw a five percent increase in visitors with 12,445 attendees. With many vendors alluding to the idea that the 'firewall is dead,' the theme of security in the 'cloud' was also shared by many. Along those lines, Fortify's EMEA Vice President, Richard Kirk, discussed the concept of 'software security assurance,' and described it as the ability to detect and measure the risk inside an application. He asked whether security managers 'were aware of what their security was doing while they were not paying attention.'

- Hackers Attack Tony Blair's Facebook Profile
- Reports suggest that former British Prime Minister Tony Blair's Faith Foundation Facebook profile was recently defaced. As the presence of interactivity on the web skyrockets with Web 2.0 applications, this is a prime example of the need for application security on the web, especially for platforms such as Facebook that allow users to add their own publicly accessible applets.

- Chinese and Russian Cyberspies Infiltrate U.S. electrical grid
- In another example of cyberwarfare waged against the U.S., it is quite evident that the U.S. is far behind in this cyber arms race. With previous vulnerabilities having been exploited in federal organizations such as the DOD and NASA, this latest threat puts the U.S. electrical infrastructure at great risk. Fortify's Senior VP of Products and Technology, Barmak Meftah, points out that these utility systems use software and systems that were built long before the internet and the concept of cyber attacks.

- Time for U.S. Government Software Security Reform
- In a report titled Building In Security In Government, Fortify calls for a single government-wide software security mandate that consolidates existing standards and closes gaping holes in government software assurance. The appointment of a federal chief technology officer would provide a centralized authoritative figure who comprehends the technicalities of establishing this security mandate.

- Software Security Assurance for the U.S. Government
- As evidenced by his search for a federal chief technology officer, it's clear that President Obama understands the enormous utility of information technology while recognizing the importance of the U.S. Government adopting software security assurance. Shockingly, some analysts estimate that as much as 98 percent of data security breaches in government systems are due to known software vulnerabilities. Discover some of the past challenges for the U.S. Government and FISMA, as well as how the Building In Security In Government report provides a model for this government-wide change.

- You Cannot Outsource Software Security Risk
- While outsourcing software development is a growing trend during this recession, Gartner reports that more than 60% of companies do not do any security risk mitigation for outsourced code. Rob Rachwald, Fortify's Director of Product Development, highlights the fact that your customers will not be holding that outsourced vendor culpable for a security breach.

- Wall Street Journal: New Effort Hopes to Improve Software Security
- Fortify and security consulting firm Cigital are getting ready to release a set of best practices that tech companies and other businesses can follow to ensure that the software they develop is secure. The authors developed the model by studying the security practices at Google, Microsoft, Adobe, and other tech companies, as well as non-tech companies that write their own software like Wells Fargo, and Depository Trust & Clearing Corp.

- Fortify Discovers Flaws in Programs for Next Cryptographic Hash Standard
- Fortify's researchers have revealed buffer overflows in two of the programs that were submitted for a competition seeking to replace the current hash standards. Both buggy reference implementations were written in C, which further proves this programming language's susceptibility to critical security bugs.

- Keeping Your Bank Account Safe from Trojan Attacks
- Fortify Chief Scientist Brian Chess speaks to the general assumption that U.S. online banking patrons demand convenience above all else. While "multiple factor authentication" systems are being adopted overseas, they aren't being promoted here in the U.S., where, as Chess put it, "username and password still rule the earth."

- A flight plan for safer software
- The Air Force's Application Software Assurance Center of Excellence makes use of Fortify's source code analysis tool. Through effective use of the analyzer the Air Force is better equipped to defend information and is better prepared to fend off malicious attacks.

- Boom in Cyber Threats as Markets Tumble
- An influx of malicious internet-based schemes ranging from email phishing scams, cyberhijacking of usernames and passwords, and attacks on data storehouses have become more prevalent. Fortify's CTO, Roger Thornton, states, "They are breaching...the highest levels of the global finance infrastructure and a majority of our home computers."

- Application Security: 2008 in Review
- Fortify Technical Advisory Board member, Marcus Ranum, discusses what should have been the hot topics of software security in 2008. The hotlist includes topics like the Georgian Cyberwar, Chinese Cyberattacks, and PCI compliant sites. Marcus summarizes related software security problems and why 2009 might be a repeat of 2008.

- Software Security: Top 10 Surprises from Security Execs
- Along with Cigital CTO Gary McGraw, Fortify's Chief Scientist, Brian Chess, interviewed nine executives running top software security programs in order to gather real data from real programs. In the course of analyzing the data to create a maturity model, they unearthed some surprises.

- Software Penetration Testing: Dead in 2009
- Fortify Co-Founder and Chief Scientist, Brian Chess's remarks regarding the death of penetration testing as a process of software QA has sparked a dialogue in the industry. With executives focusing on application vulnerability prevention, Chess elaborates on the transformation of the software development lifecycle.

- What will it take for a smooth election?
- Touch-screen Machines Experience Problems on Election Day. CIO's Grant Gross exposes some of the election day mishaps with electronic voting machines. The article discusses steps being taken by the US Government to secure e-voting methods and ensure smooth elections.

- Virtual Attack–Viruses, Spam, Hackers, and Phishing
- Japan Inc's Jason Miks writes about how major organizations leave themselves vulnerable to cyber terrorism. Gene Endo, who manages Fortify's Japanese operations, speaks to the devastating cost of a data breach, not just in terms of the data theft itself, but the negative effect it has on the reputation of the victim organization.

- Wipro and Fortify Launch Secure Code Service
- Wipro and Fortify have announced a joint Software Assurance Center hosting a managed service to test the security of their customers' applications. This is a significant development, as it moves this capability into the managed services arena and is another step towards the recognition of application vulnerabilities as a primary security issue.

- Application Security Over-Confidence: Facts & Myths Revealed for Banking Institutions
- Application security is a key focus of regulatory agencies. In a recent survey targeting the Banking industry conducted by Information Security Media Group, respondents say they are more confident in their own applications vs. those developed by third-party service providers ... yet, they really don't demonstrate vulnerability assessment or remediation processes to justify any level of confidence. In this exclusive interview, Roger Thornton, founder and CTO of Fortify Software, comments on the survey results and his own market perspective.

- Be Aware of SOA Application Security Issues
- Fortify's Brian Chess and Taylor McKinley shed light on the application security concerns introduced when large enterprises bring disparate software systems together by leveraging XML, web services, and service-oriented architecture. They discuss looking past the current standards to identify a system's weak points, and provide insight into eliminating these software security risks by adopting specific software security assurance techniques.

- BetaNews Reviews Fortify's E-Voting Report
- Angela Gunn of BetaNews writes about the highlights of Fortify's new ranking of the different voting methods as well as offering insight into potential solutions for e-voting issues. This timely review is a must read for anyone interested in voting security in America's upcoming election.

- Brian Chess and Jacob West Talk E-voting security with Robert Vamosi of CNET
- Co-authors of Fortify's new report about E-voting security talk with Robert Vamosi of CNET. Brian Chess and Jacob West draw parallels between the electronic systems handling our votes and those that handle our financial transactions. They conclude with several ways the federal and state governments can work with voting machine vendors to adopt software security assurance techniques into the systems they create.

- Fortify Report: Paper Ballots More Secure, Accurate Than E-Voting
- Kelly Jackson Higgins, Senior Editor of Dark Reading, discusses Fortify's new report about e-voting security. Jackson Higgins highlights Fortify's ranking of the different voting methods and includes quotes from Brian Chess, chief scientist and co-founder of Fortify Software, and Avi Rubin, professor of computer science at Johns Hopkins University.

- Software [In]security: A Software Security Framework: Working Towards a Realistic Maturity Model
- Cigital's CTO, Gary McGraw, and Fortify's Chief Scientist, Brian Chess, outline their common objective of introducing a Software Security Framework to develop into an adaptable maturity model for software developers and development managers. The growing discipline of software security will benefit greatly from this industry-common framework that encompasses all the leading software security initiatives.

- Free But Unsecure – Ensuring Security with Open Source Applications
- As more organizations adopt the practice of deploying open source applications, software security is often overlooked. Rachwald, director of product marketing at Fortify Software, speaks to some of the surprising findings from Fortify's open source software study. He reveals the general lack of emphasis on secure coding habits among developers, and provides suggestions for eradicating security vulnerabilities within open source software.

- 5 Technology Businesses Poised to Boom in the Financial Crisis
- In the wake of the Wall Street financial crisis, risk management is one of the industries positioned to benefit. By offering a comprehensive suite of software risk assessment and security assurance tools and services, Fortify Software is identified as a "hot list" company.

- Weak encryption creates SOA vulnerabilities
- Rich Seeley interviews Fortify co-founder and chief scientist, Brian Chess, on SOA application vulnerabilities introduced by weak encryption implementations. This article identifies the most common software security issues related to service-oriented architecture applications, and touches upon how to deal with these challenges of internet security.

- The Empty Debate over Open Source Security
- Roger Thornton, founder and CTO of Fortify Software writes about the empty debate over Open Source Security in this guest editorial on ZDNet. The underlying problem of a lack of understanding and collaboration between developers and security experts is discussed as are the three main points in the ongoing debate over Open Source Security.

- Why Open Source Fails
- Dana Blankenhorn responds to Thornton's editorial in a blog piece titled “Why Open Source Fails Application Security Tests” and the conversation flows in the comments. See what the community is talking about in the ongoing debate over Open Source Security.

- Schmidt and Torvalds on Open Source Security
- Security for open-source software is discussed by industry experts Howard Schmidt, former cyber security advisor to the White House, and Linus Torvalds, inventor of the open-source Linux operating system.

- Real-life Security Issues
- An interview with Fortify's Senior Vice President of Products and Services provides an insider's perspective on industry best practices including real-life security issues, simple solutions, and PCI compliance.

- Open Source, Open to Attack
- Fortify examined 16 applications and found that vulnerabilities often were not fixed in new releases, and in some cases, the number of vulnerabilities actually increased.

- Buggy Software is Your Fault, Too
- Howard Schmidt, former White House Cyber Security Official and Fortify board member talks about how software developed internally isn't done so with security in mind.

- Open-source Software Vulnerabilities
- Open-source software packages lag behind their commercial counterparts on security development, hacking vulnerabilities and subsequent support availability.

- Cyber-Security Lessons From the 15th Century
- Fortify's Brian Chess and Taylor McKinley talk about how security executives at e-commerce companies should take a look back in the history books when attempting to effectively secure their data.

- Where the Holes Are
- New tools help companies identify the real security risks in their computer systems -- before the hackers

- Web 2.0, meet Internet attack 2.0
- Jacob West, Manager of the Security Research Group at Fortify, says that security was a challenge to begin with, but if anything it's getting harder in the Web 2.0 world.

- Presidential campaign cyberattacks appear here to stay
- Jacob West, Manager of Fortify Software's Security Research Group, comments on the cross-site scripting (XSS) vulnerability that misdirected visitors to Democratic presidential candidate Barack Obama's website to the site of his rival, Hillary Clinton, and says that it is important to note that the majority of websites are vulnerable to XSS attacks, so perhaps it was only a matter of time before the candidates' sites were attacked.

- Web 2.0: A "Perfect Storm?"
- Roger Thornton, Founder and CTO of Fortify Software, writes about how Web 2.0 technologies are spawning explosive growth in client-side processing (Ajax/Flex), distribution of executable content (JSON), and the mixing of code from multiple sources (Mashups), and how these architectural decisions will also lead to an explosion in vulnerabilities that can be exploited on both the client and the server.

- RSA: The Case For Code Testing
- Cybersecurity veteran and Fortify Board Member Howard Schmidt summed up the major security problem today: "The business applications you need to run your business are the applications that make you more vulnerable."

- 300 grocery store servers hacked
- Fortify's Brian Chess talks about the Hannaford Brothers data breach and opines that it is "likely that the attackers found a vulnerability in a piece of code that was common to all of the servers."

- Pitching Software Security Assurance
- Fortify claims that it has discovered a new process, called software assurance, that will revolutionize enterprise security by allowing for continuous vulnerability scanning.

- Fortify Pushes Application Security
- Armed with a new product and strategy, Fortify is urging organizations to change the way they look at secure application development and advocating a new strategy to help keep businesses secure during the software development process.

- Fortify delivers software lifecycle assurance
- Enterprise application vendor Fortify Software today released a comprehensive software assurance suite, which it claims offers unparalleled application testing capabilities. Fortify 360 can be deployed to analyse code development throughout the software lifecycle: planning, coding, testing, deployment and the phase which makes up the major part of the cycle, maintenance.

- Software that makes software better
- Programmers are using a variety of software tools to help them produce better code and keep bugs at bay. Fortify's Chief Scientist Brian Chess talks about how static analysis tools can spot security mistakes that programmers are known to make routinely.

- Will Your Vote Count?
- Avi Rubin, member of Fortify's Technical Advisory Board and a computer science professor at Johns Hopkins University, talks about how the fairest elections use paper ballots, albeit with sophisticated technology that ensures ballots are filled out correctly.

- Black Hat Descends on Washington
- Fortify's Brian Chess talks about how developers fail to do a great job of security testing simply because they don't have to. Since plenty of bugs can be found easily, they typically feel little incentive to undertake a more rigorous and thorough search that might find all bugs.

- Touch-Screen Voting Machines Not Counted On
- Avi Rubin, member of Fortify's Technical Advisory Board, computer science professor at Johns Hopkins University and longtime critic of electronic voting methods of all stripes, said that U.S. states are moving away from the questionable DRE machines, also known as touch-screens, to optical scanning, and he couldn't be happier.

- Cybercrime: Red Carpet Treatment In Trendy Tribeca
- It's not often that bank CIOs and CISOs get invited to walk the red carpet at a film premiere, but it was a full house at the Tribeca Grand Hotel's screening room at the end of January when Fortify Software held the New York premiere of its documentary "The New Face of Cybercrime."

- Securing voting machines
- Fortify Software has made a headline-grabbing offer of a free copy of its source code analysis software for every state in the US, so that each can check the integrity of its vote counting machines and the protection they offer for voter privacy, ahead of November's presidential elections.

- Cybercrime documentary prompts awareness and action
- More than 100 leading vendors and IT specialists recently took their seats for a private advanced screening of "The New Face of Cyber Crime," a documentary produced by Fortify Software and created by the Academy Award-winning filmmaker, Frederic Golding.

- US looks to military to take on cyber threats
- Fortify's Security Practice Director Bruce Jenkins talks about how the US Air Force is setting up a command centre to be responsible for conducting offensive and defensive military operations in cyberspace.

- Fortify Premieres Documentary "The New Face Of Cybercrime"
- Fortify Software presents the world premiere of a new documentary, "The New Face of Cybercrime", in private screenings in three cities, San Francisco, New York, and London, this month. An expert panel discussion about cybercrime and a reception will follow each screening.

- Anatomy of a hack attack
- Brian Chess, Chief Scientist at Fortify, and other security experts recreate a typical hack attack on two large organisations and walk through the steps that the head of IT should follow in such a case.

- Telos and Fortify help the Air Force develop model of protection
- The Air Force can implement software more quickly, widely and cheaply than with the systems it used in the past. The new model also comes with new security issues. Like other government agencies and private organizations, the Air Force is under constant threat from hackers looking to steal sensitive information.

- Experts: Put Source Code Analysis in Build
- How do you convince an overworked developer to add another task to a long to-do list? Source code analysis tool makers have sought to answer that question since they began selling software for finding security flaws a few years ago.

- A conversation with Brian Chess
- This conversation with Fortify's Co-Founder and Chief Scientist is a must listen for business leaders, security professionals and developers if you want to learn how to engage your teams to better protect information.

- App Security's Evolution
- Application security, in the forms of vulnerability scanning and secure software development, is a "must-have" for medium-sized and large enterprises. The recent $10 million U.S. Air Force deal – spearheaded by Fortify's source code analysis product - is becoming a common method of buying and implementing app security solutions.

- Source code testers expect PCI windfall
- The need for companies to comply with new standards for storing and protecting sensitive data will be a significant driver of business for source code analysis vendors.

- Fortify Gets Multilingual
- Fortify Software has added customization and collaboration capabilities to the latest version of Fortify Source Code Analysis.

- Get Serious About Info Integrity
- Barmak Meftah, senior vice president of products and services at Fortify, talks about how Source Code Analyzer 5.0 will include support for Cobol, Visual Basic and Active Server Pages.