Fortify Software

Fortify

Type	former Independent Software Vendor
Industry	Computer software
Genre	Software Security Assurance
Founded	2003
Founder	Ted Schlein of Kleiner, Perkins, Caufield & Byers, Mike Armistead, Brian Chess, Arthur Do, Roger Thornton
Headquarters	San Mateo, California, United States
Key people	John M. Jack (former CEO), Jacob West(head of Security Research Group), Brian Chess(former Chief Scientist), Arthur Do (former Chief Architect)
Owner	Hewlett Packard Company
Website	HP Software Security web page and HP Fortify Software Security Center Server

Fortify Software, known now as Fortify, was a California-based software security vendor, founded in 2003 and acquired by Hewlett-Packard in 2010.^[1] Fortify is now part of HP Enterprise Security Products in the HP Software business, providing application security products and services for enterprise customers to assess, assure and protect enterprise software and applications from security vulnerabilities.^[2][3]

Technical advisory board

Fortify's technical advisory board was composed of Avi Rubin, Bill Joy, David A. Wagner, Fred Schneider, Gary McGraw, Greg Morrisett, Li Gong, Marcus Ranum,Matt Bishop, William Pugh and John Viega.

Security research

Fortify created a security research group that maintained the Java Open Review project^[4] and the Vulncat taxonomy of security vulnerabilities in addition to the security rules for Fortify's analysis software.^[5] Members of the group wrote the book, Secure Coding with Static Analysis, and published research, including JavaScript Hijacking,^[6] Attacking the build: Cross build Injection,^[7] Watch what you write: Preventing Cross-site scripting by observing program output^[8] and Dynamic Taint Propagation: Finding Vulnerabilities Without Attacking.^[9]

Offerings

Fortify offerings included Static Application Security Testing^[10] and Dynamic Application Security Testing^[11] products, as well as products and services to support Software Security Assurance, or repeatable and auditable secure behaviors, over the course of a software application's life cycle.^[12]

In February 2011, Fortify also announced Fortify OnDemand, a static and dynamic application testing service.^[13]

See also

• List of tools for static code analysis
• ArcSight
• TippingPoint

References

1. ↑ HP Press Release: "HP Completes Acquisition of Fortify Software, Accelerating Security Across the Application Life Cycle" September 22, 2010.
2. ↑ Software Searches for Security Flaws (English), PCWorld.com, April 5, 2004
3. ↑ A New Approach to Fortify Your Software , Internetnews.com, April 5, 2004
4. ↑ "Quality and Solutions for Open source Community"^{[dead link]}
5. ↑ "Software security errors"^{[dead link]}
6. ↑ "JavaScript Hijacking"^{[dead link]}
7. ↑ "Attacking the Build through Cross-Build Injection"
8. ↑ "Watch What You Write: Preventing Cross-Site Scripting by Observing Program Output"
9. ↑ "Dynamic taint propagation"
10. ↑ Fortify SCA
11. ↑ Fortify Runtime
12. ↑ HP Fortify Governance
13. ↑ SD Times, “HP builds up its Security-as-a-Service .” February 15, 2011.

External links

• HP Fortify website
• Fortify Product
• HP Software official site
  • Gartner report, on Fortify website
• Java Open Review Project
• Software Isn't Complete Unless It's Secure, BusinessWeek, September 26, 2006 - Article on Fortify by Bill Joy
• Fortify OnDemand