Vendors Can Assure Security to Customers

Fortify VSM provides an on Demand Software Security Assurance service built around an intuitive interface that is easily adaptable to existing workflows and developer environments. Communication and administration are completely streamlined so that vendor development resources can identify and remediate vulnerabilities effectively and efficiently, and then separately publish verification of application security to their end user customers. Fortify VSM's highly secure hosting environment assures the vendor that all code and reports will be treated with the utmost concern for securing their intellectual property and data assets.

Ensure Applications are Remediated

Fortify VSM proactively manages vendors and other third parties to address vulnerabilities prior to customer acceptance. Security teams enjoy a flexible, efficient process to verify receipt of secure software. Fortify on Demand is the only SaaS offering for software security assessment that migrates easily to a solution with full remediation capabilities.

Rely on Fortify

As the market leader in software security, Fortify has secured more than 600 customers including five of the top seven ISVs. Vendors can comfortably utilize Fortify's award-winning analyzers in a protected environment, while Fortify VSM provides neutral, independent assurance that your third-party software is secure.

Award-winning Software Analysis

• Static analysis of source code and executables
• Dynamic analysis of web apps of unlimited size, in QA or production, powered by WhiteHat
• Java, .NET or PHP code
• Correlated results from static/dynamic in a summary dashboard
• Consistent, independent five-star rating system
• Deep details by vulnerability including type, severity rating, line of code, attack surface and time to fix

Quick and Easy Process

• A highly secure SaaS environment that is automated, scheduled and available on demand
• User uploads code or URL, and Fortify on Demand does the rest
• Dynamic analysis at 3 service levels: baseline, standard or premium
• Human expert review of the results
• Vendor publishes a tamper-proof report summarizing the security of their application

Neutral, Unbiased System

• Accurate testing by vendors of their own application
• Detailed reports for third-party developers on high priority vulnerabilities with repair suggestions
• Unbiased summary report publication for customer audiences, whether procurement professionals or security practitioners.

Remediation Options

• Third-party can address security issues using an intuitive online interface, detailed reporting, education guides for each vulnerability
• Easy upgrade to Fortify 360 to build security into the software development life cycle

• Supported Languages

• Java, .NET (executables)
• PHP (source)

• End-to-End Security

• Multi-tenancy hosting
• Separate database for each customer
• Separate encrypted disk volume for each analysis

• Strong encryption for all network traffic and data storage
• Authentication required
• Secure hosting facility

• Tier IV, class "A+" Datacenter
• Financial services grade physical security
• Engineered for 99.999% power availability

• System designed using best security best practices

• Fortify's Secure SDLC
• Independent audit and code review