(pressebox) London, 06.04.2009, Fortify® Software, the market leader in Software Security Assurance solutions, announced today the latest release of its cornerstone software security suite, Fortify 360, as well as its first-ever hosted software security solution, Fortify Vendor Security Management.
Fortify 360 is an integrated dynamic and static analysis solution for containing, removing and preventing vulnerabilities in software and applications. The latest version, Fortify 360 2.0, now includes an automated governance module allowing enterprises to fully manage their organization-wide Software Security Assurance (SSA) effort. Fortify Vendor Security Management provides enterprises with Fortify’s award-winning analysis technologies through a software-as-a-service offering, enabling companies to inspect the security of applications when source code is not available from Commercial Off-the-shelf Software (COTS) vendors or outsourcers.
"One of the biggest challenges to implementing a Software Security Assurance program today is management," said Roger Thornton, co-founder and CTO of Fortify Software. "Today’s environment forces security professionals to work with development, legal and executive teams making the process of securing applications complex. Automation is the only way to ensure the efficiency and success of any security initiative."
The addition of a Web-based SSA Governance module to Fortify 360 allows enterprises to:
- Create and manage a detailed application inventory of all enterprise software, and assign risk profiles to all applications, such as those that are Web-facing, outsourced or built in-house
- Automatically generate appropriate security policies tailored to each risk profile and apply them consistently
- Communicate and track processes via a centralized system accessible to developers and security teams
"Securing an enterprise’s portfolio of software requires governance across all categories of applications, including in-house, third-party, outsourced, and open source, "said Jim Routh, chief information security officer of the Depository Trust & Clearing Corporation (DTCC). "You need to evaluate each application, developing a risk based inventory as well as defining and consistently applying security activities for each supply chain component. Fortify’s Governance Module will automate this process and provide visibility into the progress and status of software security across the organization’s supply chain."
At the same time, businesses today also face the challenge of securing software purchased from commercial vendors. "For most organizations, third-party software represents a majority of their deployed applications, but often they have little visibility into the security of that software aside from constant, disruptive patches," continued Thornton. "Businesses today need to escape the patch management rat race and adopt a preventative security approach that analyzes third-party software for vulnerabilities during the procurement or upgrade process and demand that significant problems be addressed prior to acceptance."
Fortify Vendor Security Management is Fortify’s first Software-as-a-Service solution that enables security teams to assess and verify the security of third-party software while allowing the vendor stay in control of the process. Software vendors can upload their binaries, have a scan conducted, address any issues, and publish a report summarizing the security of their application back to the security team.
"Virtually every organization today is built and operated on software," said John M. Jack, president and CEO of Fortify Software. "Implementing software security assurance is imperative to mitigating the business risk associated with vulnerable applications, whether built in-house, outsourced, or acquired from commercial vendors. Fortify’s solutions help customers deal with the immediate challenge of removing vulnerabilities from their existing applications as well as the systemic challenge of producing and acquiring secure software."Über Fortify Software, Inc
Fortify®’s Software Security Assurance products and services protect companies from the threats posed by security flaws in business-critical software applications. Its software security suite-Fortify 360-drives down costs and security risks by automating key processes of developing and deploying secure applications. Fortify Software’s customers include government agencies and FORTUNE 500 companies in a wide variety of industries, such as financial services, healthcare, e-commerce, telecommunications, publishing, insurance, systems integration and information management. The company is backed by world-class teams of software security experts and partners. More information is available at www.fortify.com or visit our blog at blog.fortify.com.
No Comments on "Fortify Software Releases Software Security Governance Capability and New Hosted Security Solution"