Fortify Software

Fortify
Type: Software Vendor
Industry: Computer software
Genre: Software Security Assurance
Founded: 2003
Founder: Ted Schlein of Kleiner, Perkins, Caufield & Byers, Mike Armistead, Brian Chess, Arthur Do, Roger Thornton
Headquarters: San Mateo, California, United States
Key people: John M. Jack (former CEO), Jacob West (head of Security Research Group), Brian Chess (former Chief Scientist), Arthur Do (former Chief Architect)
Owner: Micro Focus
Website: Micro Focus Security web page and Micro Focus Fortify Software Security Center Server

Fortify Software, later known as Fortify Inc., is a California-based software security vendor, founded in 2003 and acquired by Hewlett-Packard in 2010[1] to become part of HP Enterprise Security Products.[2][3]


Fortify offerings included Static Application Security Testing[4] and Dynamic Application Security Testing[5] products, as well as products and services that support Software Security Assurance. As of February 2011, Fortify sells Fortify OnDemand, a static and dynamic application testing service.[6]





History


On September 7, 2016, HPE CEO Meg Whitman announced that the software assets of Hewlett Packard Enterprise, including Fortify, would be merged with Micro Focus to create an independent company of which HP Enterprise shareholders would retain majority ownership.


Micro Focus CEO Kevin Loosemore called the transaction "entirely consistent with our established acquisition strategy and our focus on efficient management of mature infrastructure products" and indicated that Micro Focus intended to "bring the core earnings margin for the mature assets in the deal - about 80 percent of the total - from 21 percent today to Micro Focus's existing 46 percent level within three years."[7] The merger concluded on September 1, 2017.



Technical advisory board


Fortify's technical advisory board was composed of Avi Rubin, Bill Joy, David A. Wagner, Fred Schneider, Gary McGraw, Greg Morrisett, Li Gong, Marcus Ranum, Matt Bishop, William Pugh and John Viega.



Security research


Fortify created a security research group that maintained the Java Open Review project[8] and the Vulncat taxonomy of security vulnerabilities in addition to the security rules for Fortify's analysis software.[9] Members of the group wrote the book, Secure Coding with Static Analysis, and published research, including JavaScript Hijacking,[10] Attacking the build: Cross build Injection,[11] Watch what you write: Preventing Cross-site scripting by observing program output[12] and Dynamic Taint Propagation: Finding Vulnerabilities Without Attacking.[13]



See also


  • List of tools for static code analysis


References




  1. HP Press Release: "HP Completes Acquisition of Fortify Software, Accelerating Security Across the Application Life Cycle", September 22, 2010.
  2. "Software Searches for Security Flaws" (in English), PCWorld.com, April 5, 2004.
  3. "A New Approach to Fortify Your Software", Internetnews.com, April 5, 2004.
  4. Fortify SCA.
  5. Fortify Runtime.
  6. SD Times, "HP builds up its Security-as-a-Service", February 15, 2011.
  7. Sandle, Paul; Baker, Liana B. (2016-09-08). "HP Enterprise strikes $8.8 billion deal with Micro Focus for software assets". Reuters. Retrieved 2016-09-13.
  8. "Quality and Solutions for Open source Community". Archived March 4, 2016, at the Wayback Machine.
  9. "Software security errors". Archived November 27, 2012, at the Wayback Machine.
  10. "JavaScript Hijacking". Archived June 23, 2015, at the Wayback Machine.
  11. "Attacking the Build through Cross-Build Injection".
  12. "Watch What You Write: Preventing Cross-Site Scripting by Observing Program Output".
  13. "Dynamic taint propagation".




External links



  • Official website
    • Gartner report, on Fortify website

  • Java Open Review Project


  • Software Isn't Complete Unless It's Secure, BusinessWeek, September 26, 2006 - Article on Fortify by Bill Joy






