Fortify Software
Fortify Software is a San Mateo, California-based software vendor. The company was founded in 2003 and provides products that identify and remove security vulnerabilities from software applications. Its initial funding was provided by Kleiner, Perkins, Caufield & Byers. In September 2010, the company announced it was acquired by Hewlett-Packard Company as part of its HP Software Division. It now operates as an HP company.
Technical Advisory Board
Fortify's technical advisory board includes Avi Rubin, Bill Joy, David A. Wagner, Fred Schneider, Gary McGraw, Greg Morrisett, Li Gong, Marcus Ranum, Matt Bishop, William Pugh and John Viega.
Security Research
Fortify continues to run a security research group which maintains the Java Open Review project and the Vulncat taxonomy of security vulnerabilities. Members of the group are also responsible for the book Secure Coding with Static Analysis and for published research, including "JavaScript Hijacking", "Attacking the build: Cross build Injection", "Watch what you write: Preventing Cross-site scripting by observing program output" and "Dynamic taint propagation: Finding vulnerabilities without attacking".
Products
The Fortify 360 product suite consists of the following components:
- Fortify 360 SCA (Source Code Analyzer): a tool for static analysis of application source code
- Fortify 360 PTA (Program Trace Analyzer): a tool for dynamic analysis when an application is running
- Fortify 360 RTA (Real-Time Analyzer): a web application firewall for dynamic analysis of deployed applications in real time
- Fortify 360 Collaboration Module: a web-based collaborative environment for fixing software flaws
- Fortify 360 Application Defense Module: protects Java and .NET Framework applications from attacks
- Fortify 360 SSA Governance Module: for managing multi-project Software Security Assurance (SSA) programs
In February 2011, HP also announced Fortify On Demand, which provides static and dynamic analysis in the cloud.