Fortify Software Offers States Free Security Analysis of E-Voting Machines

Secretaries of State offered-at no cost-award-winning source code analyzer to ensure security of state-owned electronic voting systems

SAN MATEO, Calif., January 31, 2008 - Fortify Software, the market leader in enterprise application security solutions, announced today that it is offering a free copy of Fortify® SCA 5.0, the fifth generation of its award-winning source code analysis software, to every Secretary of State in the United States of America in response to increasing evidence of the deployment of insecure e-voting machines in national elections. Registration for the complimentary offer is available online at http://www.fortifysoftware.com/landing/extra/evoting.html.

Fortify's gesture is an effort to give each state the ability to ensure that the electronic voting systems used in the upcoming November presidential elections are designed to protect both voter privacy and the integrity of election results.

"We’re donating our products to states so they can find places where their machines’ software is vulnerable to attack,” said John M. Jack, Fortify’s CEO.  "These coding mistakes open the door for a malicious voter or polling location volunteer to change your vote or even cast multiple votes; corrupting an election could be as easy as inserting a carefully programmed cartridge or a bogus ballot into the machine."

Recent security analyses of electronic voting machines by the state departments of California, Florida and Ohio point to fundamental vulnerabilities in the software running their machines.  These states used Fortify SCA in separate and independent source code reviews, and uncovered numerous code-level flaws that could have proved fatal to the election process.

"Our assessment found security vulnerabilities in the software of these systems," said Matt Bishop, a professor of computer science at UC Davis and member of Fortify’s Technical Advisory Board participating in the California and Florida reviews. "This security review provides information that analysts can use to find these problems, and developers can use to eliminate them."

"The security assessment that led to the de-certification of e-voting machines in California is just one example that software on these machines is not secure," Jack added. "The world’s largest banks, government agencies and telecommunications companies use our analysis tools to guard against attack, and we encourage electronic voting machine vendors to take the same precautions to ensure the security of their services."

Fortify's security technology incorporates feedback from the company's worldwide customer base to bring collaboration, customization and more comprehensive protection to the Software Development Lifecycle (SDL).

"We invite every Secretary of State to take us up on our offer to be proactive in mitigating these types of security risks," commented Jack.  "A voting machine that has been hacked looks just like a voting machine that hasn't been hacked.  If we can't trust our election results, our democratic system doesn't work."
 
Those interested in learning more about Fortify SCA 5.0 will find product information available online at http://www.fortify.com/products/sca/.

For more information on the assessments in California, Florida and Ohio visit:

California - http://www.sos.ca.gov/elections/elections_vsr.htm

Florida - http://election.dos.state.fl.us/pdf/FinalAudRepSAIT.pdf

Ohio - http://www.sos.state.oh.us/sos/info/everest.aspx

About Fortify Software, Inc.

Fortify® Software products protect companies from the threats posed by security flaws in business-critical software applications. Its software security products—Fortify SCA, Fortify Manager, Fortify Tracer and Fortify Defender—drive down costs and security risks by automating key processes of developing and deploying secure applications. Fortify Software's customers include government agencies and FORTUNE 500 companies in a wide variety of industries, such as financial services, healthcare, e-commerce, telecommunications, publishing, insurance, systems integration and information management. The company is backed by world-class teams of software security experts and partners. More information is available at www.fortify.com.

Press Contact

Katherine Nellums
Merritt Group
415-247-1663

Nellums@merrittgrp.com