Fortify Software

From Wikipedia, the free encyclopedia
Fortify, an HP company
Type: Owned by Hewlett Packard Company
Industry: Computer software
Founded: 2003
Headquarters: San Mateo, California, U.S.
Key people: John M. Jack (former CEO)
Website: fortify.com and www.hp.com

Fortify Software is a San Mateo, California-based software vendor. The company was founded in 2003 and provides products that identify and remove security vulnerabilities from software applications.[1][2] Its initial funding was provided by Kleiner, Perkins, Caufield & Byers. In September 2010, the company announced that it had been acquired by Hewlett-Packard Company[3] as part of its HP Software Division. It now operates as an HP company.

Technical Advisory Board

Fortify's technical advisory board includes Avi Rubin, Bill Joy, David A. Wagner, Fred Schneider, Gary McGraw, Greg Morrisett, Li Gong, Marcus Ranum, Matt Bishop, William Pugh and John Viega.

Security Research

Fortify continues to run a security research group which maintains the Java Open Review project[4] and the Vulncat taxonomy of security vulnerabilities[5]. Members of the group are also responsible for the book Secure Coding with Static Analysis and for published research, including JavaScript Hijacking[6], Attacking the build: Cross build Injection[7], Watch what you write: Preventing Cross-site scripting by observing program output[8] and Dynamic taint propagation: Finding vulnerabilities without attacking[9].

Products

The Fortify 360 product suite consists of the following components:[10]

  • Fortify 360 SCA (Source Code Analyzer): a tool for static analysis of application source code
  • Fortify 360 PTA (Program Trace Analyzer): a tool for dynamic analysis when an application is running
  • Fortify 360 RTA (Real-Time Analyzer): a web application firewall for dynamic analysis of deployed applications in real time
  • Fortify 360 Collaboration Module: a web-based collaborative environment for fixing software flaws
  • Fortify 360 Application Defense Module: protects Java and .NET Framework applications from attacks
  • Fortify 360 SSA Governance Module: for managing multi-project Software Security Assurance (SSA) programs

In February 2011, HP also announced Fortify On Demand, which provides static and dynamic analysis in the cloud.[11]

References

  1. Software Searches for Security Flaws (English), PCWorld.com, April 5, 2004
  2. A New Approach to Fortify Your Software (English), Internetnews.com, April 5, 2004
  3. HP Press Release: "HP Completes Acquisition of Fortify Software, Accelerating Security Across the Application Life Cycle." September 22, 2010.
  4. "Quality and Solutions for Open source Community"
  5. "Software security errors"
  6. "JavaScript Hijacking"
  7. "Attacking the Build through Cross-Build Injection"
  8. "Unknown"
  9. "Dynamic taint propagation"
  10. Fortify 360
  11. SD Times, "HP builds up its Security-as-a-Service." February 15, 2011.
