Fortify_Software References

Fortify
Company type	Software Vendor
Industry	Computer software
Genre	Software Security Assurance
Founded	2003
Founder	Ted Schlein of Kleiner, Perkins, Caufield & Byers, Mike Armistead, Brian Chess, Arthur Do, Roger Thornton
Headquarters	San Mateo, California, United States
Key people	John M. Jack (former CEO), Jacob West (head of Security Research Group), Brian Chess (former Chief Scientist), Arthur Do (former Chief Architect)
Owner	OpenText
Website	Micro Focus Security; Micro Focus Fortify Software Security Center Server

Fortify Software, later known as Fortify Inc., is a California-based software security vendor, founded in 2003 and acquired by Hewlett-Packard in 2010,^[1]^[2]^[3] Micro Focus in 2017, and OpenText in 2023.

Fortify offerings included Static application security testing (SAST)^[4] and Dynamic application security testing^[5] products, as well as products and services that support Software Security Assurance. In 2011, Fortify introduced Fortify OnDemand, a static and dynamic application testing service.^[6]

History

Fortify Software was founded by Kleiner Perkins in 2003. Fortify Inc. was acquired by HP in 2010.^[7]

On September 7, 2016, HPE CEO Meg Whitman announced that the software assets of Hewlett Packard Enterprise, including Fortify, would be merged with Micro Focus to create an independent company of which HP Enterprise shareholders would retain majority ownership.^{[
citation needed]}

Micro Focus CEO Kevin Loosemore called the transaction "entirely consistent with our established acquisition strategy and our focus on efficient management of mature infrastructure products" and indicated that Micro Focus intended to "bring the core earnings margin for the mature assets in the deal - about 80 percent of the total - from 21 percent today to Micro Focus's existing 46 percent level within three years."^[8] The merge concluded on September 1, 2017.^{[
citation needed]}

OpenText acquired Micro Focus (including Fortify Software products) in 2023.

Technical advisory board

Fortify's technical advisory board was composed of Avi Rubin, Bill Joy, David Wagner, Fred Schneider, Gary McGraw, Greg Morrisett, Li Gong, Marcus Ranum, Matt Bishop, William Pugh, and John Viega.

Security research

Fortify created a security research group that maintained the Java Open Review project^[9] and the Vulncat taxonomy of security vulnerabilities in addition to the security rules for Fortify's analysis software.^[10] Members of the group wrote the book Secure Coding with Static Analysis, and published research, including JavaScript Hijacking,^[11] Attacking the build: Cross build Injection,^[12] Watch what you write: Preventing Cross-site scripting by observing program output,^[13] and Dynamic taint propagation: Finding vulnerabilities without attacking.^[14]

References

^ "HP Completes Acquisition of Fortify Software, Accelerating Security Across the Application Life Cycle". September 22, 2010. Retrieved December 17, 2018.
^ Roberts, Paul (April 5, 2004). "Software Searches for Security Flaws". PCWorld.com. Archived from the original on December 19, 2020. Retrieved December 17, 2018.
^ Wagner, Jim (April 5, 2004). "A New Approach to Fortify Your Software". Internetnews.com. Retrieved December 17, 2018.
^ "HP Fortify Static Code Analyzer". Retrieved December 17, 2018.
^ "HP Unveils Real-Time Application Security Testing Tool". DarkReading.com. July 14, 2011. Retrieved December 17, 2018.
^ Reitano, Victoria (February 15, 2011). "HP builds up its Security-as-a-Service". SD Times. Retrieved December 17, 2018.
^ "HP's Fortify Buyout Numbers Tell Lucrative Story For Software Security". Forbes. August 18, 2010. Retrieved May 4, 2020.
^ Sandle, Paul; Baker, Liana B. (September 7, 2016). "HP Enterprise strikes $8.8 billion deal with Micro Focus for software assets". Reuters. Retrieved December 17, 2018.
^ "Quality and Security for Open source Community". Archived from the original on December 16, 2006. Retrieved December 17, 2018.
^ "HP Fortify Taxonomy: Software Security Errors". Archived from the original on November 27, 2012. Retrieved December 17, 2018.
^ Chess, Brian; O'Neil, Yekaterina Tsipenyuk; West, Jacob (March 12, 2007). "JavaScript Hijacking" (PDF). Retrieved December 17, 2018.
^ Chess, Brian; Lee, Fredrick DeQuan; West, Jacob (October 10, 2007). "Attacking the Build through Cross-Build Injection". Retrieved December 17, 2018.
^ Madou, Matias; Lee, Edward; West, Jacob; Chess, Brian (2008). "Watch What You Write: Preventing Cross-Site Scripting by Observing Program Output" (PDF). Retrieved December 17, 2018.
^ Chess, Brian; West, Jacob (January 2008). "Dynamic taint propagation: Finding vulnerabilities without attacking". Information Security Tech. 13 (1): 33–39. doi: 10.1016/j.istr.2008.02.003. Retrieved December 17, 2018.

External links

Official website
Gartner 2018 Magic Quadrant for Application Security Testing
Joy, Bill (September 26, 2006). "Software Isn't Complete Unless It's Secure". BusinessWeek. Retrieved December 17, 2018.

[1] "HP Completes Acquisition of Fortify Software, Accelerating Security Across the Application Life Cycle". September 22, 2010. Retrieved December 17, 2018.

[PCWorld-2] Roberts, Paul (April 5, 2004). "Software Searches for Security Flaws". PCWorld.com. Archived from the original on December 19, 2020. Retrieved December 17, 2018.

[InternetNews-3] Wagner, Jim (April 5, 2004). "A New Approach to Fortify Your Software". Internetnews.com. Retrieved December 17, 2018.

[4] "HP Fortify Static Code Analyzer". Retrieved December 17, 2018.

[5] "HP Unveils Real-Time Application Security Testing Tool". DarkReading.com. July 14, 2011. Retrieved December 17, 2018.

[6] Reitano, Victoria (February 15, 2011). "HP builds up its Security-as-a-Service". SD Times. Retrieved December 17, 2018.

[to-hp-7] "HP's Fortify Buyout Numbers Tell Lucrative Story For Software Security". Forbes. August 18, 2010. Retrieved May 4, 2020.

[spin-merge-8] Sandle, Paul; Baker, Liana B. (September 7, 2016). "HP Enterprise strikes $8.8 billion deal with Micro Focus for software assets". Reuters. Retrieved December 17, 2018.

[9] "Quality and Security for Open source Community". Archived from the original on December 16, 2006. Retrieved December 17, 2018.

[10] "HP Fortify Taxonomy: Software Security Errors". Archived from the original on November 27, 2012. Retrieved December 17, 2018.

[11] Chess, Brian; O'Neil, Yekaterina Tsipenyuk; West, Jacob (March 12, 2007). "JavaScript Hijacking" (PDF). Retrieved December 17, 2018.

[12] Chess, Brian; Lee, Fredrick DeQuan; West, Jacob (October 10, 2007). "Attacking the Build through Cross-Build Injection". Retrieved December 17, 2018.

[13] Madou, Matias; Lee, Edward; West, Jacob; Chess, Brian (2008). "Watch What You Write: Preventing Cross-Site Scripting by Observing Program Output" (PDF). Retrieved December 17, 2018.

[14] Chess, Brian; West, Jacob (January 2008). "Dynamic taint propagation: Finding vulnerabilities without attacking". Information Security Tech. 13 (1): 33–39. doi: 10.1016/j.istr.2008.02.003. Retrieved December 17, 2018.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]

v t e OpenText
Founders	Tim Bray Gaston Gonnet Frank Tompa
Products	ArcSight Documentum GroupWise IDOL LoadRunner NetIQ eDirectory opentext.ai OpenText ALM OpenText Business Network OpenText Content Suite OpenText Data Protector OpenText Quality Center OpenText SiteScope OpenText Together Open Enterprise Server Silk Central Silk Performer Silk Test StarTeam UFT One Vertica Visibroker ZENworks
Acquisitions	Autonomy Corporation Carbonite, Inc. Webroot Cordys Covisint Guidance Software GXS Inc. Harbinger Corporation Hummingbird Ltd. Micro Focus The Attachmate Group Attachmate Borland Fortify Software HP IT Management Software Mercury Interactive NetIQ Novell Unix System Laboratories Peregrine Systems Opsware Serena Software Vignette Corporation

History

Technical advisory board

Security research

See also

References

External links