Fortify Software is at the forefront of developing threat intelligence to stay ahead of ever-changing security threats to your software. Fortify's Security Research Group, an internal team of security experts, is dedicated to tracking the latest hacking trends and vulnerability issues. These researchers combine deep software expertise with decades of collective security experience and form the frontline of security at Fortify.
The Security Research Group is an internal team of security experts dedicated to identifying new vulnerabilities and ensuring Fortify 360 stays ahead of the hacking community. To read more about the Security Research Group, click here.
The Security Research Group releases critical updates on a quarterly basis to Fortify customers. To read more about the Rulepack Subscription, click here.
Fortify's Technical Advisory Board consists of a group of world-renowned industry and academic experts who provide guidance and feedback on a regular basis. To read more about the Technical Advisory Board, click here.
The Fortify Security Research Group has documented the largest set of application security vulnerabilities. For a full listing, with descriptions, click here.
The Fortify Security Research Group produces cutting-edge research on new and relevant topics. The open source initiative, called Fortify Java Open Review, identifies and reports bugs and security vulnerabilities in widely used Java open source software. To read more about Java Open Review.
In June 2007, the Manager of Fortify's Security Research Group, Jacob West, along with Fortify's Chief Scientist, Brian Chess, published a book entitled Secure Programming with Static Analysis. As the first of its kind, it serves as a complete guide to static analysis: how it works, how to integrate it into the software development processes and how to make the most of it during security code review. Incorporating real-world security examples, the book shows how coding errors are exploited, how they could have been prevented and how static analysis can rapidly uncover similar mistakes.
"We strongly believe that Fortify's holistic approach to application security - implementing security during all stages of development, rather than after the fact - proactively helps eliminate business risk and truly safeguards our enterprise against today's ever-changing security threats."
Craig Shumard, CISO, CIGNA
"We looked into a number of tools and tested them against our source base. The vast majority of them could not handle the size, scope and nature of our applications. Of all the products we tested, Fortify came closest to our technical requirements."
Oracle
"Fortify is one of the largest SAST vendors, with strong innovation as well as execution capabilities. It has expanded its technologies beyond SAST into a broader spectrum of application security disciplines that supplement its core SAST capabilities."
Gartner MQ
"Auditing at the source code level is the best way to protect applications early in the SDL. Fortify SCA will give us the opportunity to fix vulnerabilities before we push out new versions of our applications. In our view, the alternative is a security breach, and that is simply unacceptable."
Mark Crockett, Vice President of Technology and CTO of Informa Investment Scorecard
"We are very pleased with our decision to integrate Fortify products into our source code review and applications security audit processes"
Rick Dakin, QSA and Cofounder of Coalfire