Fortify Software Experiences Significant Growth in Q3 2008

Top analyst firms recognize Fortify as the Application Security Leader while company closes Q3 with wins in federal and commercial markets, adding more than 40 new organizations to its marquee list of customers

SAN MATEO, Calif., November 12, 2008 - Fortify Software, the market leader in enterprise application security solutions for Business Software Assurance (BSA), today announced a strong close to their third quarter, highlighted by several new defense and civilian agency customer wins in the Federal market. On the commercial side of the business, Fortify increased its bookings nearly 50 percent over Q3 2007. Further, two top analyst firms–Gartner/Dataquest and Bloor Research–recognized Fortify as the application security market leader.

During Q3, Fortify expanded its footprint within the US government, securing deals with the United States Army, United States Navy, the National Security Agency (NSA), National Aeronautics and Space Administration (NASA), the Internal Revenue Service (IRS), the Department of Homeland Security (DHS) Science & Technology Directorate and the Transportation Security Administration (TSA), among others. These agencies have adopted Fortify's flagship application security product suite, Fortify 360. These new customer wins add to Fortify's existing deep roots with the United States Air Force. Last year, Fortify closed a major, multi-million dollar deal with the Air Force—the military's largest investment in application security to-date.

"Expanding Fortify's presence in the government sector was a key objective for us this year so we are very pleased with the significant amount of traction we have had on both the federal and civilian sides," said John M. Jack, CEO of Fortify Software. "With the threat landscape rapidly evolving from the network to the application layer, it is imperative for the government to refocus its efforts on securing its mission-critical software applications—where today's biggest threats reside."

The list of additions to Fortify's government customer base are:

Defense

MITRE
National Security Agency (NSA)
Army G3
U.S. Army Accessions Command (USAAC)
Office of the Secretary of Defense/WHS
U.S. Army Communications and Electronics Command (CECOM)
U.S. Army Missile Command
U.S. Air Force
U.S. Navy
Army Knowledge Online (AKO)

Civilian

National Aeronautics and Space Administration (NASA)
U.S. Department of Treasury/Internal Revenue Service (IRS) and The Office of Thrift Supervision (OTS)
U.S. Department of State
National Oceanic and Atmospheric Administration (NOAA)/National Climatic Data Center
The Federal Reserve System
Transportation Security Administration (TSA)
U.S. Election Assistance Commission (EAC)
The Department of Homeland Security (DHS) Science & Technology Directorate

"Most government agencies today have implemented traditional network security solutions such as firewalls and intrusion detection and prevention systems, but they haven't considered the negative implications if a mission-critical application is hacked or broken into," said Mark Kagan, Research Manager, IDC Government Insights. "For example, the Air Force saw attacks on its applications rise from 2 percent in 2005 to 36 percent in 2007 and, as a result, put in place a strategy for addressing application threats head-on. Other government agencies should follow the Air Force's lead in taking a proactive approach to protecting their software and applications."

Fortify also increased its commercial business compared to Q3 2007. Several major companies–including Boeing and Bayview Finanical–helped grow Fortify's commercial business nearly 50% over Q3 2007. Fortify's Japanese office continued to experience significant growth with the addition of SANYO, NEC, Mitsubishi Research Institute DCS, SONY Corp. and Mitsubishi UFJ Security.

Finally, Gartner and Bloor Research each recognized Fortify as the leader in the application security arena.

In Gartner's report, Market Share: Application Development Software, Worldwide, 2007, Fortify topped IBM and HP with a 17.3% market share.

Bloor Research, in its Market Update, Application Security, placed Fortify in the market leader position in the bulls-eye market overview.

"We are happy to be recognized as the market leader in application security from analyst firms worldwide who have done their due diligence," said John M. Jack, CEO of Fortify Software. "In terms of our commercial success and the completeness of our vision for Business Software Assurance, we take our leadership position very seriously."

About Fortify Software, Inc.

Fortify® 's Business Software Assurance products and services protect companies from the threats posed by security flaws in business-critical software applications. Its software security suite - Fortify 360 - drives down costs and security risks by automating key processes of developing and deploying secure applications. Fortify Software's customers include government agencies and FORTUNE 500 companies in a wide variety of industries, such as financial services, healthcare, e-commerce, telecommunications, publishing, insurance, systems integration and information management. The company is backed by world-class teams of software security experts and partners. More information is available at www.fortify.com.

Press Contact

Katherine Nellums
Merritt Group
415-247-1663 Nellums@merrittgrp.com