Fortify Software and HP identify and fix critical security vulnerabilities across the application life cycle

(22/06/2009)

Fortify Software has announced a collaboration with HP to help customers reduce their business risk by identifying, prioritizing and fixing critical security vulnerabilities across the application life cycle.

Fortify 360’s Static Application Security Testing (SAST) technology will be integrated with HP Application Security Center and HP Quality Center software solutions to give enterprise users increased visibility into application security across development, quality assurance and security operations.

“The combination of these technologies brings together development’s security efforts with software quality and dynamic application security testing,” said John M. Jack, CEO of Fortify Software. “Not only will customers benefit from increased visibility into the security of their software throughout its lifecycle, but they will be even better equipped to assess and manage the overall risk to their business while cutting the costs it takes to perform these tasks.”

Recent studies show that data breaches and cyber attacks on the application layer continue to rise at an alarming rate, and the National Institute of Standards & Technology (NIST) notes that 92% of exploitable vulnerabilities are found in the software. As businesses strive to mitigate the risks posed by vulnerable software, mandates from organizations such as the Payment Card Industry (PCI) Security Standard Council make it imperative to address security through all phases of the software life cycle.

“Enterprise businesses can reduce security risks inherent in their software by bringing together their development, quality assurance and security operations groups,” said Jonathan Rende, vice president and general manager, Business Technology Optimization Applications, Software and Solutions, HP. “Combining Fortify's leading static application security testing technology together with HP’s market-leading quality and web application security solutions delivers unparalleled visibility across the application lifecycle.”

Fortify and HP will first focus on integrating Fortify 360 static application security testing results into HP Assessment Management Platform (AMP) to give customers a real-time dashboard view of application security scanning efforts enterprise-wide. The collaboration also includes integration of Fortify 360 source code security results with HP Quality Center’s defect management system. This will enable customers to seamlessly submit security issues detected by Fortify 360 source code analysis into HP Quality Center's defect management system so they can be managed like other software defects.

According to Joseph Feiman, VP and Gartner Fellow, "Conceptually, static tools test applications from the ‘inside out,’ whereas dynamic tools test applications from the ‘outside in.’ These techniques are complementary, and we believe that vendors have greater vision if they integrate static and dynamic testing to increase the breadth of application lifecycle coverage and the accuracy of vulnerability detection."

Related topics:  Application and software security 

Print version | Email to a friend | Related articles

Data breaches: Trends, costs and best practices gives you all the latest information on securing personal and corporate data, key recommendations for immediate action to improve data security, and how to respond to data breaches.

Other Security news and resources