Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Hosted Vendor Security Management from Fortify

Fortify : 06 April, 2009  (New Product)
Fortify releases enhancements to Fortify 360 as well as branching into the hosted security services market with Vendor Security Management
Fortify Software has announced the latest release of its cornerstone software security suite, Fortify 360, as well as its first-ever hosted software security solution, Fortify Vendor Security Management.

Fortify 360 is an integrated dynamic and static analysis solution for containing, removing and preventing vulnerabilities in software and applications. The latest version, Fortify 360 2.0, now includes an automated governance module allowing enterprises to fully manage their organization-wide Software Security Assurance (SSA) effort. Fortify Vendor Security Management provides enterprises with Fortify's award-winning analysis technologies through a software-as-a-service offering, enabling companies to inspect the security of applications when source code is not available from Commercial Off-the-shelf Software (COTS) vendors or outsourcers.

"One of the biggest challenges to implementing a Software Security Assurance program today is management," said Roger Thornton, co-founder and CTO of Fortify Software. "Today's environment forces security professionals to work with development, legal and executive teams making the process of securing applications complex. Automation is the only way to ensure the efficiency and success of any security initiative."

The addition of a Web-based SSA Governance module to Fortify 360 allows enterprises to:

* Create and manage a detailed application inventory of all enterprise software, and assign risk profiles to all applications, such as those that are Web-facing, outsourced or built in-house

* Automatically generate appropriate security policies tailored to each risk profile and apply them consistently

* Communicate and track processes via a centralized system accessible to developers and security teams

"Securing an enterprise's portfolio of software requires governance across all categories of applications, including in-house, third-party, outsourced, and open source, "said Jim Routh, chief information security officer of the Depository Trust & Clearing Corporation (DTCC). "You need to evaluate each application, developing a risk based inventory as well as defining and consistently applying security activities for each supply chain component. Fortify's Governance Module will automate this process and provide visibility into the progress and status of software security across the organization's supply chain."


At the same time, businesses today also face the challenge of securing software purchased from commercial vendors. "For most organizations, third-party software represents a majority of their deployed applications, but often they have little visibility into the security of that software aside from constant, disruptive patches," continued Thornton. "Businesses today need to escape the patch management rat race and adopt a preventative security approach that analyzes third-party software for vulnerabilities during the procurement or upgrade process and demand that significant problems be addressed prior to acceptance."

Fortify Vendor Security Management is Fortify's first Software-as-a-Service solution that enables security teams to assess and verify the security of third-party software while allowing the vendor stay in control of the process. Software vendors can upload their binaries, have a scan conducted, address any issues, and publish a report summarizing the security of their application back to the security team.

"Virtually every organization today is built and operated on software," said John M. Jack, president and CEO of Fortify Software. "Implementing software security assurance is imperative to mitigating the business risk associated with vulnerable applications, whether built in-house, outsourced, or acquired from commercial vendors. Fortify's solutions help customers deal with the immediate challenge of removing vulnerabilities from their existing applications as well as the systemic challenge of producing and acquiring secure software."
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo