Fortify Software In The News

The Wall Street Journal, Business Week, C/Net, Forbes, InfoWorld, SD Times, Application Development Trends and others agree that Fortify Software is making news with our application security software products and software security services. Read the latest stories in our news archive below.

• • 
  • Why fortified software is a safer bet
  • Fortify chief John Jack explains how his firm helps developers build security into their code.
  • 
  • Security of IT systems remain a serious concern
  • Fortify's Rob Rachwald says that compliance has become a major driver in fostering awareness for application security inside government and commercial organizations
  • 
  • Cyber-Security Lessons From the 15th Century
  • Fortify's Brian Chess and Taylor McKinley talk about how security executives at e-commerce companies should take a look back in the history books when attempting to effectively secure their data.
  • 
  • PCI compliance: Learning from the U.S. Air Force
  • Fortify’s Brian Chess writes about how the best chances of passing a PCI audit and preventing a breach are fixing the code first, and then monitoring it in real-time.
  • 
  • Will Where the Holes Are
  • New tools help companies identify the real security risks in their computer systems -- before the hackers
  • 
  • Fortify Bundles Static and Dynamic Code Analysis
  • Fortify has integrated its application security software to offer a suite of tools for development, quality assurance and production environments.
  • 
  • States, wary of DRE’s software flaws, look for a verifiable paper trail
  • Brian Chess, Fortify’s chief scientist and co-founder, says that any county that doesn’t have its election system locked in by now is in real trouble.
  • 
  • Technofile: Top Online Safety Tips
  • Barmak Meftah video interview on Sky News "Top Online Safety Tips"
  • 
  • Web 2.0, meet Internet attack 2.0
  • Jacob West, Manager of the Security Research Group at Fortify, says that security was a challenge to begin with, but if anything it's getting harder in the Web 2.0 world
  • 
  • Presidential campaign cyberattacks appear here to stay
  • Jacob West, Manager of Fortify Software's Security Research Group, comments on the cross-site scripting (XSS) vulnerability that misdirected visitors to the website of Democratic presidential candidate Barack Obama's website to the site of his rival, Hillary Clinton and says that it is important to note that the majority of websites are vulnerable to XSS attacks, so perhaps it was only a matter of time before the candidates' sites were attacked.
  • 
  • Web 2.0: A "Perfect Storm?"
  • Roger Thornton, Founder and CTO of Fortify Software writes about how Web 2.0 technologies are spawning an explosive growth in client-side processing (Ajax/Flex), distribution of executable content (JSON), and the the mixing of code from multiple sources (Mashups) and how these architectural decisions will also lead to an explosion in vulnerabilities that can be exploited both on the client and the server.
  • 
  • RSA: The Case For Code Testing
  • Cybersecurity veteran and Fortify Board Member Howard Schmidt summed up the major security problem today: "The business applications you need to run your business are the applications that make you more vulnerable."
  • 
  • Hannaford card data breach was a vulnerability problem
  • Fortify’s Brian Chess says that Fortify has now launched Business Software Assurance (BSA), based on its new Fortify 360, essentially a blueprint for minimising risks associated with software exploits.
  • 
  • Hannaford tells regulators how breach happened
  • Fortify's Brian Chess said in a statement that a software flaw likely allowed the hackers to install the malicious software.
  • 
  • 300 grocery store servers hacked
  • Fortify's Brian Chess talks about the Hannaford Brothers data breach and opines that it is "likely that the attackers found a vulnerability in a piece of code that was common to all of the servers."
  • 
  • Pitching business software assurance
  • Fortify claims that it has discovered a new process, called software assurance, that will revolutionize enterprise security by allowing for continuous vulnerability scanning
  • 
  • Fortify Pushes Application Security
  • Armed with a new product and strategy, Fortify is urging organizations to change the way they look at secure application development and advocating a new strategy to help keep businesses secure during the software development process.
  • 
  • Fortify delivers software lifecycle assurance
  • Enterprise application vendor Fortify Software today released a comprehensive software assurance suite, which it claims offer application testing unparalleled capabilities. Fortify 360 can be deployed to analyse code development throughout the software lifecycle: planning, coding, testing, deployment and the phase which is the major part of the cycle, maintenance.
  • 
  • Apps security testing companies ride wave
  • IBM and HP are working to integrate apps testing into their development platforms, but vendors of stand-alone security solutions still find business booming
  • 
  • Fortify aims for the security suite spot; Moves upstream
  • Fortify Software, which heads off insecure software code in the development, said Monday that it has launched a suite dubbed Fortify 360 designed to head off vulnerabilities in automated and older applications.
  • 
  • Holding ISVs to a Higher Security Standard
  • Fortify’s Chess said that IT professionals should ask for evidence upfront, before licensing ISV offerings.
  • 
  • Software that makes software better
  • Programmers are using a variety of software tools to help them produce better code and keep bugs at bay. Fortify's Chief Scientist Brian Chess talks about how static analysis tools can spot security mistakes that programmers are known to make routinely.
  • 
  • The Evolution of Cybercrime
  • The past few years has seen a major change in the world of cybercrime, says Fortify’s Richard Kirk.
  • 
  • Computer Security Must Come From Inside Out, Not Outside In
  • Ted Schlein, Fortify Founder and partner at Kleiner Perkins, talks about how Fortify has the new focus on guarding data and applications at the heart of networks — protecting from the inside out.
  • 
  • Will Your Vote Count?
  • Avi Rubin, member of Fortify's Technical Advisory Board and a computer science professor at Johns Hopkins University talks about how the fairest elections use paper ballots, albeit with sophisticated technology that ensures ballots are filled out correctly.
  • 
  • Black Hat Descends on Washington
  • Fortify's Brian Chess talks about how developers fail to do a great job of security testing simply because they don't have to. Since plenty of bugs can be found easily, they typically feel little incentive to undertake a more rigorous and thorough search that might find all bugs.
  • 
  • Touch-Screen Voting Machines Not Counted On
  • Avi Rubin, member of Fortify's Technical Advisory Board and a computer science professor at Johns Hopkins University and longtime critic of electronic voting methods of all stripes, said that U.S. states are moving away from the questionable DRE machines, also known as touch-screens, to optical scanning, and he couldn’t be happier.
  • 
  • Cybercrime: Red Carpet Treatment In Trendy Tribeca
  • It's not often that bank CIOs and CISOs get invited to walk the red carpet at a film premiere, but it was a full house at the Tribeca Grand Hotel's screening room at the end of January when Fortify Software held the New York premiere of its documentary "The New Face of Cybercrime."
  • 
  • Securing voting machines
  • Fortify Software has made a headline grabbing offer of a free copy of its source code analysis software for every state in the US so that it can check the integrity of its vote counting machines and check the protection they offer for voter privacy, ahead of November's presidential elections.
  • 
  • 'Crash tested' e-voting machines spread doubt on Super Tuesday
  • Brian Chess of Fortify Software says that e-voting machines are an unnecessary risk and weren't developed with state-of-the-art security or robustness in mind.
  • 
  • Cybercrime documentary prompts awareness and action
  • More than 100 leading vendors and IT specialists recently took their seats for a private advanced screening of "The New Face of Cyber Crime," a documentary produced by Fortify Software and created by the Academy Award-winning filmmaker, Frederic Golding.
  • 
  • Shipping Services nearly derailed by a serious security oversight
  • Roger Thornton, Fortify co-founder and CTO talks about a security nightmare
  • 
  • US looks to military to take on cyber threats
  • Fortify’s Security Practice Director Bruce Jenkins talks about how the US Air Force is setting up a command centre to be responsible for conducting offensive and defensive military operations in cyberspace
  • 
  • Overcoming SOA Insecurity
  • Fortify’s Roger Thornton talks about how SOA makes the security challenge radically more complex
  • 
  • Hacking & The Academy Awards
  • Fortify has released a trailer on YouTube of an approximately 30-minute film, which looks at cybercrime's impact on consumers and businesses.
  • 
  • Fortify Premieres Documentary "The New Face Of Cybercrime"
  • Fortify Software presents the world premiere of a new documentary, "The New Face of Cybercrime" in private screenings at three cities - San Francisco, New York, and London - this month. An expert panel discussion about cybercrime and a reception will follow each screening.
  • 
  • Anatomy of a hack attack
  • Brian Chess, Chief Scientist at Fortify, and other security experts recreate a typical hack attack on two large organisations and walk through the steps that the head of IT should follow in such a case
  • 
  • Telos and Fortify help the Air Force develop model of protection
  • The Air Force can implement software more quickly, widely and cheaply than with the systems it used in the past. The new model also comes with new security issues. Like other government agencies and private organizations, the Air Force is under constant threat from hackers looking to steal sensitive information.
  • 
  • Widespread Failure to Sandbox Code
  • Despite managed execution frameworks, developers aren't sandboxing their application code.
  • 
  • Experts: Put Source Code Analysis in Build
  • How do you convince an overworked developer to add another task to a long to-do list? Source code analysis tool makers have sought to answer that question since they began selling software for finding security flaws a few years ago.
  • 
  • Howard Schmidt on cyber threats to national security
  • Howard Schmidt, world-renowned security expert and board member at Fortify Software, draws on his experiences working as a special advisor for cyber security in the White House.
  • 
  • A conversation with Brian Chess
  • This conversation with Fortify’s Co-Founder and Chief Scientist is a must listen for business leaders, security professionals and developers if you want to learn how to engage your teams to better protect information.
  • 
  • App Security's Evolution
  • Application security, in the forms of vulnerability scanning and secure software development, is a "must-have" for medium-sized and large enterprises. The recent $10 million U.S. Air Force deal – spearheaded by Fortify’s source code analysis product - is becoming a common method of buying and implementing app security solutions.
  • 
  • Betfair uses source code analysis tool to eliminate software bugs
  • Europe's largest e-commerce site is doing ‘things right the first time’ with the deployment of Fortify Software's source code analysis tool,
  • 
  • Source code testers expect PCI windfall
  • Companies need to comply with new standards for storing and protecting sensitive data will be a significant driver of business for source code analysis vendors
  • 
  • Fortify SCA 5.0 Extends App Protection
  • Fortify plans to ship Fortify SCA 5.0, an updated version of the company's flagship application-development security suite.
  • 
  • Fortify Gets Multilingual
  • Fortify Software has added customization and collaboration capabilities to the latest version of Fortify Source Code Analysis.
  • 
  • Get Serious About Info Integrity
  • Barmak Meftah, senior vice president of products and services at Fortify, talks about how Source Code Analyzer 5.0 will include support for Cobol, Visual Basic and Active Server Pages.
  • 
  • U.S. Air Force Bolsters Itself for Cyber War by Selecting Fortify’s Application Security Suite for Worldwide Development Teams
  • Fortify has been selected by the U.S. Air Force as part of a comprehensive $10.2 million security protection plan to protect its applications from malicious hackers.
  • 
  • CERT Advances Secure Coding Standards
  • The secure coding movement got a little boost today as CERT and Fortify Software announced that they have teamed up to automate part of the process of building security into software — specifically, automating compliance with CERT’s C and C++ Secure Coding Standard.
  • 
  • Air Force to probe code in development
  • The Air Force has awarded contracts totaling $10.2 million to three providers of application security analysis and testing software. Fortify Software won the biggest piece of the initiative and will provide the Air Force with more than $7 million in software.
  • 
  • Fortify finds Trojan devs in open source
  • While open source has drawn a halo for the community development model, recent findings from Fortify Software are revealing that some snakes may be slipping into this developer Garden of Eden.
  • 
  • Another cross to bear
  • An old problem of attackers putting backdoor malware into open–source development tools is apparently resurfacing. And now it’s got a name — cross–build injection (CBI) — thanks to Fortify Software.
  • 
  • Companies advised on data–breach clean–up
  • Bruce Jenkins, a recently retired major from the US Air Force and now security director at Fortify Software, talks about the fallout from the US Air Force data breach.
  • 
  • Betfair to speed debugging
  • Online gambling firm Betfair plans to use Fortify SCA to check code against a list of known software errors and expects the project to pay for itself within three years
  • 
  • New Centre in Singapore to Build Best Practices in Software Quality and Security
  • Fortify works with Singapore’s first statutory board of the Ministry of Defence, The Defence Science and Technology Agency (DSTA), and Nanyang Polytechnic (NYP) to deliver more engaging and on–demand learning to students and IT professionals.
  • 
  • Web 2.0: Twice the fun, twice the vulnerabilities
  • Fortify’s Brian Chess talks about how some websites are open to an exploit called JavaScript Hijacking.
  • 
  • Call it Iron Chef, Black Hat style
  • Two teams of hacking experts, using different sets of software tools as part of an event at the Black Hat security conference, engaged in some old–fashioned competition to determine which could find the most major vulnerabilities in software code.
  • 
  • Meet The Borat of Hackers
  • Hackistan’s president has identity theft on the brain at Black Hat security event.
  • 
  • Iron Chef Black Hat
  • Fortify Software spices it up this year by taking a page from the Food Network’s cookbook. Literally. Fortify will be running a session modeled after the popular Iron Chef program that airs on the Food Network.
  • 
  • Hacking, Iron Chef Style
  • Analyzing code never looked so appetizing: Engineers from Fortify and challengers from the audience will face off next month at the Black Hat conference in an “Iron Chef”–style competition to see how many vulnerabilities they can find in a piece of mystery code.
  • 
  • Fortify Defender Offer Retailers Critical Solutions to Address Key PCI Compliance Requirements
  • Fortify Software Inc. has has announced its PCI solution, a bundle of Fortify’s application security products designed to help retailers meet requirements within the Payment Card Industry Data Security Standard (PCI DSS) 1.1.
  • 
  • Customer data privacy deadline arrives in the UK
  • As the Payment Card Industry (PCI) data security standard comes into force this month, many companies are still struggling to meet its stringent standards.
  • 
  • Fortify boosts Web 2.0 protection
  • Fortify Software has updated its Secure Coding Rulepacks to help protect companies from new threats such as JavaScript hijacking and vulnerabilities in web 2.0 applications.
  • 
  • Startups class of '06: Where are they now?
  • In 2006, InfoWorld uncovered 15 startups — among them Fortify Software — that emerged after the nuclear winter that followed the dot–com bust with cool, useful technologies. In the year that has followed, how have these innovators fared?