Fortify Software


Fortify Software is a member of the Microsoft Security Development Lifecycle (SDL) Pro Network

The Security Development Lifecycle (SDL) is the industry-leading software security assurance process created by Microsoft. The SDL Pro Network is a group of security consultants, training companies, and tool providers that specialize in application security and have substantial experience and expertise with the methodology and technologies of the SDL, created by Microsoft and proven effective since 2004.

For more information, visit www.microsoft.com/sdl or the SDL Pro Network page at www.microsoft.com/security/sdl/getstarted/pronetwork.aspx

The Fortify Mission:

Enabling Software Security Assurance

Software Security Assurance is a growing industry trend that refers to technologies and techniques that enable you to maximize the flexibility, enhanced capabilities and easy availability of enterprise software without exposing your operations to attacks that can threaten your business. Our vision and implementation of Software Security Assurance results in applications that are inherently secure and impervious to attack, even if intruders get past network perimeter defenses. With our solutions, you can enhance software assurance by identifying and resolving your most critical application vulnerabilities in less time and for less cost. In addition, our solutions integrate seamlessly with the tools and processes you already have in place, enabling you to make Software Security Assurance a core business process.

Fortify 360 helps meet the demands of all phases of the SDL, and Fortify on Demand enables automated, accurate vulnerability assessment, meeting the needs of the Implementation and Verification phases. Fortify's professional software security services and training also span all phases of the SDL, helping organizations stay on track with multi-project Software Security Assurance programs.

Creation and implementation of repeatable processes in the SDL is an essential step in secure development best practices. Yet without effective automation, delivery and tracking of the security activities defined in an SDL, organizations may still find the situation to be unmanageable. For individual projects, the Governance Module, a key part of Fortify 360, provides a convenient web portal where risk-mitigation activities and artifacts can be logged and communicated. For every project in the organization, the Fortify 360 SSA Governance Module automatically assigns the correct activities based on the project's specific risk profile. The application security teams can then track project effort and receive alerts based upon completed or missed milestones. With these capabilities in place, the security team can begin to move towards a management-by-exception approach to SSA, freeing up valuable time to support other activities. Advanced reporting and viewing capabilities provide the means to quickly consolidate results across all projects, deliver executive-quality reports and identify areas of improvement.

For those organizations that are seeking a fast-start Security Development Lifecycle, SDL templates and artifacts based on the Microsoft SDL are provided. These templates provide an effective SDL that can be implemented out of the box. This can eliminate much of the research and expertise required to develop an SDL.

Fortify provides unique software security solutions and services that protect companies and government agencies from today's greatest security risk, the software that runs their businesses, through a full solution that includes:

  • Fortify 360: the market-leading suite of solutions for Software Security Assurance (SSA), which brings together the critical analytic, remediation and management capabilities necessary to identify, remove, contain and prevent security vulnerabilities in software.
    • To help stay on track with multi-project SSA programs, there is the Fortify 360 SSA Governance Module.
    • This part of Fortify 360 provides a single system-of-record with views into the assets, activities and results related to the organization's entire SSA effort.
  • Fortify on Demand: a set of hosted Software-as-a-Service (SaaS) solutions that allow any organization to test and score the security of all software with greater speed and accuracy.
    • Addresses needs in the Implementation and Verification phases of the Security Development Lifecycle.
      • Testing to identify the problem enables organizations to 1) prioritize applications, 2) identify vulnerabilities and 3) validate the threat.
  • Fortify Professional Software Security Services: ensures that every Fortify customer successfully implements and deploys Fortify products, improving their time to productivity.
    • Addresses all phases of the Security Development Lifecycle.
      • Software Security Assurance Consulting Services Include:
        • Software Business Risk Assessment
        • Application Security Strategy & Planning
        • SSA Process Development & Implementation
        • Security Development Lifecycle Planning
        • Application Vulnerability Assessment
        • 3rd Party Application Assessment
        • Policies, Guidelines, & Technical Papers
        • Ongoing Managed (Onsite) Assessment Service
        • Education - Awareness & Secure Coding
      • Fortify 360 Product Services Include:
        • Fortify QuickStarts
        • Architecture - Implementation Design Consulting
        • Pilot Services
        • Product Configuration & Deployment
        • Advanced Integration & Tuning Services
  • Education & Certification: Fortify Training combines instructor-led TeamStart workshops with eLearning courses to provide a comprehensive education program for an application team to ensure a high level of application security awareness and proficiency with Fortify's products.
    • Addresses all phases of the Security Development Lifecycle.
      • Fortify recommends a simple yet comprehensive three-step approach to educating your application team on software security and use of Fortify 360:
        • Establish a fundamental software security capability within an organization using Software Security Assurance eLearning Courses.
        • TeamStart Workshops teach developers and security team members to automate security processes, like source code analysis, using Fortify 360.
        • Leverage Fortify Product eLearning Courses to maximize retention of the TeamStart content and to support scalability to new team members.

Fortify can establish a software security assurance program that will span your security, IT, and application development organizations to meet your specific SDL needs. Call us at (650) 358-5600 or e-mail us at contact@fortify.com to discuss the best way to leverage our industry-leading solutions.
