Fortify Announces New Source Code Analysis Tools to Identify and Resolve Software Security Risks

PALO ALTO, Calif., Jan. 9 /PRNewswire/ -- Fortify Software, Inc. today announced Source Code Analysis 3.5, a powerful advancement in functionality for its award-winning Source Code Analysis suite. Designed to ensure a higher level of application security, the new enhancements improve the ability of software developers and development managers to identify, prioritize and resolve security flaws in software applications before they are shipped or deployed in order to mitigate enterprise security risk.

Fortify Source Code Analysis 3.5 includes the following new and expanded components:

-- New Structural Analyzer detects potentially dangerous flaws in the structure or definition of a program.
-- Expanded language support that includes .NET languages such as C#, VB.NET and ASP.NET
-- The addition of over 48 new vulnerability categories that will be referenced by Source Code Analysis
-- Significant enhancements to Integrated Developer Environment (IDE) plug-in support for Eclipse, Visual Studio and IBM WSAD environments

"Fortify Source Code Analysis has been adopted by leading enterprises such as Wells Fargo, eBay, Oracle and Cingular as the premier solution for finding, tracking and fixing security vulnerabilities in software applications," said Barmak Meftah, Vice President of Engineering and Operations, Fortify Software. "Version 3.5 expands our feature set so companies can scale their software security efforts by auditing more code with higher confidence and in less time than they could before."

Fortify's powerful source code analyzers run comprehensive, automated security checks on software code bases to detect over 115 vulnerability categories across popular languages and platforms. In version 3.5, Fortify Source Code Analysis includes a new Structural Analyzer and expands its list of supported languages, which already includes Java, C/C++, XML, PL/SQL and .NET C# 1.0, to include:

-- .NET 2.0 support for C# 2.0, VB.NET 2.0, ASP.NET 2.0
-- Microsoft T-SQL support
-- Expanded JSP support for BEA WebLogic and IBM WebSphere

By understanding the way programs are structured, the new Structural Analyzer identifies vulnerabilities that are often difficult to detect through inspection because they encompass both the declaration and use of variables and functions. For example, the Structural Analyzer detects assignment to member variables in Java servlets, identifies the use of loggers that are not declared "static final", and flags instances of dead code that will never be executed because of a predicate that is always false. This new analyzer joins Fortify's stable of data flow, configuration, semantic and control flow analyzers to provide the most comprehensive and accurate coverage of security vulnerabilities in the industry.

Fortify's Secure Coding Rulepacks now contain thousands of rules in more than 115 vulnerability categories, providing comprehensive coverage of over 35,000 permutations that would be virtually impossible to track manually. The Rulepacks recognize sources of tainted input combined with known unsafe functions, function call sequences and application configurations. Fortify's security experts and partners continually update the Rulepacks based on a rich store of security knowledge around common programming practices used in application development.

Version 3.5 also includes significant enhancements to its support for popular IDEs, including Visual Studio 2003 and Visual Studio 2005, Eclipse 3.0 and above, and IBM WSAD 5.0 and 6.0. Now developers can use powerful functionality previously only part of Fortify Audit Workbench to discover and remediate flaws in a familiar environment while they code.

About Fortify Software, Inc.

Fortify Software products protect companies from the threats posed by security flaws in business-critical software applications. Its flagship software security suites, Fortify Source Code Analysis and Fortify Security Tester, drive down costs and security risks by automating key processes of developing secure applications prior to deployment. Fortify Software is backed by leading investors, including Kleiner, Perkins, Caufield & Byers, and a world-class team of software security advisors and partners. More information is available at http://www.fortifysoftware.com/.

Fortify Software, Inc.

CONTACT: Kim Milosevich of OutCast Communications, +1-415-392-8282, or
[email protected], for Fortify

Web site: http://www.fortifysoftware.com/

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.
