Fortify Software to Boost Web Development Productivity for Betfair

Fortify Source Code Analysis automates the process of finding and fixing software bugs

PALO ALTO, Calif., September 4, 2007 - Fortify® Software, the market–leading provider of enterprise application security solutions, has announced that Betfair, the world’s leading online betting company, has adopted Fortify® Source Code Analysis as a key tool in its software development process. Fortify SCA will enable Betfair to develop applications more quickly by automating the time–consuming manual processes that are associated with finding and fixing software bugs.

Betfair’s online betting exchange enables users to choose their own odds and bet against each other, even after an event has started. Its site operates 24 hours a day, 365 days a year and processes up to 1,000 bets per second. The company prides itself on the lengths it goes to keep its software code operating flawlessly. Betfair has deployed Fortify SCA to help locate and fix certain types of software bugs before formal testing starts, making the whole development lifecycle more efficient.

“Because we operate around the clock and our transactions are time–sensitive, software reliability is crucial to the success of our business. Finding an automated tool to help us maintain our high standards of source code quality was very valuable,” said Matt Young, Engineering Partner Development Director at Betfair. “In particular, we wanted to minimize the additional work for our developers of reviewing an ever–growing code base. We spent three months evaluating a range of products and suppliers, from open source to commercial, and found significant variations in approach and capabilities. Fortify impressed us both as a company and with its SCA product,” continued Young. “From the outset, they listened carefully to our requirements and shifted focus to address our specific needs–resulting in a partnership approach that has continued through into after–sales service.”

The move to adopt Fortify SCA came when Betfair recognized that detecting and fixing certain kinds of bugs were overly reliant on manual processes. It had started to become a significant overhead cost as a result of Betfair’s growing code base and its increasing number of developers working on the code. By comparing source code against a frequently updated database of known bug types, Fortify SCA enables many potential problems to be ironed out early in the development cycle. Possible coding errors highlighted by the tool are presented to developers with detailed information about why they have been flagged. This enables project teams to confirm, classify and prioritize issues at an early stage, before getting to the application testing phase of development.

With Fortify SCA, Betfair can also identify some classes of ‘regression bug’ with much less effort than was previously possible. When a bug is found, it is sometimes possible to create a customized rule that will quickly scan the entire code base for similar errors. This acts as a filter to prevent the same error being reintroduced at a later stage–avoiding making the same mistake twice.

“In particular we wanted a tool that could be targeted on a wide range of application reliability bugs, not just those traditionally classed as ‘security–related,’” continued Young. “The ability to create custom ‘rules’ was also crucial–with Fortify we can create ‘source code regression tests’ based on real bugs we have encountered in our code in the past. Unlike some other tools, it’s something that both junior and senior developers can quickly get to grips with. And, although cost is always an issue, when we looked at the alternative–hiring additional developers to do painstaking first–pass code reviews by hand–buying Fortify was better value. It will enable us to improve accuracy through automation and, as a result, free up staff to focus more on their core job functions. Fortify was without doubt the best solution for us.”

“Software flaws that compromise enterprise application availability are a growing problem for companies worldwide, especially when customers expect and require 24/7 access to accounts and services. Fortify includes these in its broad view of ‘software security’ and provides tools that help automate the elimination of both application reliability weaknesses and security vulnerabilities,” said Barmak Meftah, Fortify’s Vice President of Products and Services. “It is very encouraging to see companies such as Betfair exploring new approaches to drive down cost and risk by focusing first and foremost on the software application level. We look forward to working further with the company in a number of areas.”

Following the success of the Fortify SCA deployment, Betfair is now considering other ways in which automated tools can improve the effectiveness and accuracy of its software testing process. Specifically, the company is currently looking at other Fortify products that could enable its security team to increase the efficiency of penetration testing.

About Fortify Source Code Analysis

Fortify® SCA analyzes source code to help find and fix software vulnerabilities at the root cause, early in the development cycle, making triage, audits and remediation fast and effective for any organization. Its advanced features help developers identify and resolve issues with less effort, while enabling security leads to review and prioritize more code in less time. Fortify SCA supports a wide variety of languages, frameworks and operating systems, and delivers depth and accuracy in its results. For more information, please visit Fortify’s website at http://www.fortifysoftware.com/products/sca/.

About Fortify Software, Inc.

Fortify® Software products protect companies from the threats posed by security flaws in business–critical software applications. Its software security products–Fortify SCA, Fortify Manager, Fortify Tracer and Fortify Defender–drive down costs and security risks by automating key processes of developing and deploying secure applications. Fortify Software’s customers include government agencies and FORTUNE 500 companies in a wide variety of industries, such as financial services, healthcare, e–commerce, telecommunications, publishing, insurance, systems integration and information management. The company is backed by world–class teams of software security experts and partners. More information is available at www.fortifysoftware.com.

Press Contacts - Fortify

North America: Lisa Eskey, Sterling Communications, 1-408-884-5157, leskey@sterlingpr.com
UK: Laura Mead, Johnson King Public Relations, +44 (0) 20 7357 7799, lauram@johnsonking.co.uk
Austria, Germany and Switzerland: Ingrid Daschner, Johnson King Public Relations, +49 (0) 894085-11, ingridd@johnsonking.de

About Betfair

Betfair (www.betfair.com) operates a betting exchange—a concept it pioneered. A betting exchange allows punters to bet at prices set by punters themselves rather than by a bookmaker, which results in Betfair’s odds being consistently better than those offered by other bookmakers. Betfair was launched in June 2000 and is the UK’s No. 1 online betting company. At peak times, the exchange matches up to 1,000 bets per second. The company employs more than 1,000 people in its main offices in London, Stevenage and Tasmania, Australia, and has won numerous prestigious awards, including a Queen’s Award for Enterprise in the Innovation category and ‘Company of the Year’ at the CBI Growing Business Awards in 2004 and 2005. Betfair is a member of the World–Wide Web Consortium (W3C, www.w3.org), a worldwide standards organization led by Tim Berners–Lee, the inventor of the Web.

Press Contact - Betfair

Robin Marks, Head of Media, +44 (0)20 8834 6368, robin.marks@betfair.com