Effective Management of Software Security Assurance Programs
Organization-wide SSA programs present many challenges for the security team. As the number of projects increases, the security team may have difficulty meeting the demands placed on it by development teams, auditors and management. Creating and implementing a Secure Development Lifecycle (SDL) is an essential first step in getting control of the situation. Yet without effective automation of the security activities the SDL defines, security teams may still find the situation unmanageable.
To keep multi-project SSA programs on track, Fortify has created the SSA Governance Module. It provides an audit-quality single system of record with views into the assets, activities and results related to the organization's entire SSA effort.
For individual development projects it delivers a convenient Web portal where risk-mitigation activities and artifacts can be accessed, logged and communicated. It automatically assigns the correct activities based on a project's specific risk profile. Advanced reporting and dashboard capabilities make it possible to quickly consolidate results across all projects, deliver executive-level reports and identify areas for improvement.
For organizations seeking a fast-start SDL, SDL templates and artifacts based on Fortify best practices are provided. These templates provide an effective SDL that can be implemented out of the box, greatly reducing, if not eliminating, the effort required to develop an SDL in-house.
Dashboard-Level View of your Entire SSA Program
Fortify 360 SSA Governance Module gives both project-level and program-level visibility and control of your SSA effort. It consolidates the many SSA-related activities going on in an organization into a single dashboard-level view.
Maintain an Accurate Inventory of your Application Portfolio
Fortify 360 SSA Governance Module provides all the capabilities necessary to create and maintain an accurate, centralized inventory of your entire application portfolio. For each application, users can specify business and technical attributes as well as application dependencies. Users can then sort on these attributes to create reports or reveal areas of interest.
Generate Security Requirements based on Risk Profiles
Fortify 360 SSA Governance Module automatically applies the security policies in place to generate a set of customized activities tailored to each application's specific risk profile.
Communicate and Track all Activities using a Centralized System
Activities are available to each development project through Fortify 360 SSA Governance Module's web portal. Along with activities, artifacts can also be delivered. As teams complete their activities and upload artifacts, the information is securely stored in the Fortify 360 Server. Users have access to a variety of reports and can also set and receive alerts on activity completion or missed deadlines.
Out-of-the-Box Reporting and Process Templates
Fortify 360 SSA Governance Module comes with a set of preconfigured processes and reports. These are based on Fortify best practices gathered over the course of 500 SSA deployments throughout the world.
"We strongly believe that Fortify's holistic approach to application security - implementing security during all stages of development, rather than after the fact - proactively helps eliminate business risk and truly safeguards our enterprise against today's ever-changing security threats."
Craig Shumard, CISO, CIGNA
"We looked into a number of tools and tested them against our source base. The vast majority of them could not handle the size, scope and nature of our applications. Of all the products we tested, Fortify came closest to our technical requirements."
Oracle
"Fortify is one of the largest SAST vendors, with strong innovation as well as execution capabilities. It has expanded its technologies beyond SAST into a broader spectrum of application security disciplines that supplement its core SAST capabilities."
Gartner MQ
"Auditing at the source code level is the best way to protect applications early in the SDL. Fortify SCA will give us the opportunity to fix vulnerabilities before we push out new versions of our applications. In our view, the alternative is a security breach, and that is simply unacceptable."
Mark Crockett, Vice President of Technology and CTO of Informa Investment Scorecard
"We are very pleased with our decision to integrate Fortify products into our source code review and application security audit processes."
Rick Dakin, QSA and Cofounder of Coalfire