Fortify Software Releases Industry's First Software Assurance Suite

"Fortify 360" Provides Comprehensive Software Security from Development through Production

(10.08.04) - Fortify Software announced its newest product, "Fortify 360". Fortify 360 is a suite of integrated solutions for identifying, prioritizing and fixing security vulnerabilities in software while managing the business of ensuring application security.

The cornerstone of Fortify’s recently announced Business Software Assurance framework (see separate release), Fortify 360 executes on the company’s holistic approach to protecting corporate assets and preventing catastrophic data loss by focusing on the most vulnerable area in the enterprise – the software applications that automate critical business processes.

The first solution set of its kind, Fortify 360 uses patented capabilities to precisely identify the location of deadly vulnerabilities at every phase of development through production. Once identified, Fortify 360 provides the means to manage the complex process of repairing the numerous problems that are usually uncovered, as well as a centralized dashboard for effective management and reporting.

"Software vulnerabilities can translate directly to business risk," said analyst Diana Kelley of SecurityCurve. "Organizations need solutions that help them identify and respond to software vulnerabilities throughout the lifecycle. C-level executives require insight and understanding regarding risks and impacts, developers need solutions that work inside their development environments to help them create more secure software, and testers and auditors need solutions that help them assess software risk postures before acceptance. Fortify 360 is an innovative approach because it brings together multiple software security functions into a single framework."

Graham Titterington – Principal Analyst at Ovum said "Application security is an area that has traditionally received little attention, but has now become critical as mainstream corporate processes are performed by externally facing applications. Applications need to be secure to protect corporate assets and operations."

Fortify 360 allows companies to implement Business Software Assurance as an ongoing business process, seamlessly connecting security, software development and C-level business management teams.

"It’s not just about the technology, but also about bridging the gap between those in the enterprise responsible for development and security. Security is a low priority in software development compared to functionality, quality and performance, and most business managers are often unaware of the inherent business and security risks of deploying dangerously exposed software," said Roger Thornton, Fortify’s Chief Technology Officer and founder. "Fortify 360 connects all of these teams, integrating software assurance as a business process throughout the organization."

Fortify 360 offers:

· Fortify 360 Analysis: applies three integrated levels of analysis including static analysis of the code, dynamic analysis of running applications during QA testing, and real-time monitoring of applications once they have been deployed, providing the most comprehensive security analysis in the market today

· Audit Workbench: correlates and prioritizes vulnerabilities so that IT and security teams can effectively manage and remediate the most pressing risks first

· Instant Remediation capability: allows rapid response to time-sensitive vulnerabilities affecting deployed applications by delivering patches immediately

· Collaboration Module: provides a shared working environment where security and development teams can work together to resolve vulnerabilities

· Software Security Governance: establishes a centralized security dashboard and control center for effective reporting and trend tracking over multiple applications

In addition to its analysis and remediation processes, Fortify 360 also provides users with regular threat intelligence updates generated by the Fortify Security Research Group, the industry’s only team of researches dedicated to software application security. These updates, known as rulepacks, are well-known throughout the industry for their insight on why real world systems fail and how Fortify customers can best address impending threats.

"DTCC implemented an industry leading software security program by focusing on the collection and aggregation of multiple vulnerability detection sources and turning them into prioritized remediation requirements aligned with projects and business areas integrated with the software development lifecycle," said Jim Routh, Chief Information Security Officer of Depository Trust & Clearing Corporation. "Fortify 360 is one of the solutions that addresses many of the reporting and management requirements for software security programs for financial service firms."

"Fortify 360 challenges the premise of other point solutions in the industry by addressing the root cause of software vulnerabilities from the get-go," commented Barmak Meftah, Senior Vice President of Products and Services at Fortify. "Our product suite and approach really allows our customers to change how they view their software, and achieve their security goals much faster." (Fortify: ra)