Fortify Software Delivers Governance to Software Security and Brings Security Assurance to Third Party Software
New technologies provide first platform for software security governance, provide hosted solution to assure the security of outsourced or commercial software
Fortify 360 is the market leading suite of solutions to contain, remove and prevent vulnerabilities in software applications. The latest release, Fortify 360 Version 2.0, now includes governance capabilities allowing enterprises to fully manage their organization-wide Software Security Assurance effort. Fortify Vendor Security Management provides enterprises with Fortify’s award-winning analysis technologies through a software-as-a-service offering, enabling companies to inspect the security of applications when source code is not available from commercial software vendors.
“One of the biggest challenges to implementing a Software Security Assurance program today is management,” said
The addition of a Web-based SSA Governance module in Fortify 360 allows enterprises to:
- Create and manage a detailed application inventory of all enterprise software, and assign risk profiles to all applications, such as those that are Web-facing, outsourced or built in-house
- Automatically generate appropriate security policies tailored to each risk profile and apply them consistently
- Communicate and track processes via a centralized system accessible to developers and security teams
“Securing an enterprise’s portfolio of software requires governance across all categories of applications, including in-house, third-party, outsourced, and open source, “said
At the same time, businesses today also face the challenge of securing software purchased from commercial vendors. “For most organizations, third-party software represents a majority of their deployed applications, but often they have little visibility into the security of that software aside from constant, disruptive patches,” continued Thornton. “Businesses today need to throw off that reactive mode of vendor management and adopt a preventative security approach that analyzes third-party software for vulnerabilities during the procurement or upgrade process and demand that significant problems be addressed prior to acceptance.”
“Virtually every organization today is built and operated on software,” said
Fortify Vendor Security Management is Fortify’s first Software-as-a-Service solution. It enables security teams to assess and verify the security of third-party software while allowing the vendor to stay in control of the process. Software vendors can upload their binaries, have a scan conducted, address any issues, and publish a report summarizing the security of their application back to the security team.
“Enterprises today face intense pressure to implement application security from compliance mandates, customers and, obviously, the increasing threat of cybercriminals and hackers,” said Gartner analyst
The SSA Governance module is included in the latest version of Fortify 360 Version 2.0, and is available immediately. www.fortify.com/products/fortify-360/governance.jsp.
Fortify Vendor Security Management will be available as a beta on
Fortify will host a webinar detailing these products on
About Fortify Software, Inc.
Fortify(R)’s Software Security Assurance products and services protect companies from the threats posed by security flaws in business-critical software applications. Its software security suite–Fortify 360–drives down costs and security risks by automating key processes of developing and deploying secure applications. Fortify Software’s customers include government agencies and FORTUNE 500 companies in a wide variety of industries, such as financial services, healthcare, e-commerce, telecommunications, publishing, insurance, systems integration and information management. The company is backed by world-class teams of software security experts and partners. More information is available at www.fortify.com or visit our blog at blog.fortify.com.
SOURCE Fortify Software