The facts are clear. If you develop or use software applications, you are at the front line in a war against cybercrime. Cybercriminals are as incessant in their desire to steal data and intellectual property as developers are in producing innovative products. As a result, organizations need to arm themselves against pervasive threats or face the real possibility of catastrophe. First and foremost, this means removing the countless vulnerabilities that have accumulated in software, while simultaneously ensuring that no new vulnerabilities are introduced.



The question then becomes: how? Organizations today are built on hundreds or even thousands of applications. These applications can be produced in-house or by outsourcing partners, or procured from software vendors or open source projects. All of this is supported by armies of developers who continue to crank out new releases of software. How does one begin the task of cleansing all of this software and ensuring that new software is secure, and do it as cheaply and efficiently as possible?
Software Security Assurance, or SSA, is a risk-managed approach to improving the security of software. Like Software Quality Assurance, which ensures that software will function and perform as expected, SSA ensures that the software cannot be used in a way that might damage an organization.
Software Security Assurance addresses the immediate risk posed by security vulnerabilities in deployed applications as well as the systemic risk in development processes that don't take security into consideration. Because the threat extends to all sources of software, SSA addresses all of them: internal, outsourced, procured through vendors, or open source. With SSA, organizations can map their application security activities to the organization's risk objectives and demonstrate clear value to stakeholders.
"We strongly believe that Fortify's holistic approach to application security - implementing security during all stages of development, rather than after the fact - proactively helps eliminate business risk and truly safeguards our enterprise against today's ever-changing security threats."
Craig Shumard, CISO, CIGNA
"We looked into a number of tools and tested them against our source base. The vast majority of them could not handle the size, scope and nature of our applications. Of all the products we tested, Fortify came closest to our technical requirements."
Oracle
"Fortify is one of the largest SAST vendors, with strong innovation as well as execution capabilities. It has expanded its technologies beyond SAST into a broader spectrum of application security disciplines that supplement its core SAST capabilities."
Gartner MQ
"Auditing at the source code level is the best way to protect applications early in the SDL. Fortify SCA will give us the opportunity to fix vulnerabilities before we push out new versions of our applications. In our view, the alternative is a security breach, and that is simply unacceptable."
Mark Crockett, Vice President of Technology and CTO of Informa Investment Scorecard
"Fortify is one of the largest SAST vendors, with strong innovation as well as execution capabilities. It has expanded its technologies beyond SAST into a broader spectrum of application security disciplines that supplement its core SAST capabilities."
Gartner MQ
"We are very pleased with our decision to integrate Fortify products into our source code review and applications security audit processes"
Rick Dakin, QSA and Cofounder of Coalfire