March 31, 2008
SAN MATEO, Calif., March 31, 2008 - Fortify® Software, the market leader in enterprise application security solutions, announced today Business Software Assurance (BSA), a new security strategy that provides organizations a blueprint for minimizing business risks associated with the exploitation of software and vital corporate assets.
Business Software Assurance, a holistic approach to protecting corporate digital assets at the most fundamental level – where they reside in software – is based on the premise that enterprise security must come from within. Anchored by the release of Fortify 360 (see separate press release), Business Software Assurance is Fortify’s vision for changing the mindset around security, so that enterprises can reduce business risk and adhere to stringent compliance mandates while protecting their company from the inside out.
“Businesses today are built and operated by software that houses intellectual property, business processes and trade secrets that are vital to the health of an enterprise,” said Roger Thornton, Fortify’s Chief Technology Officer and a company founder. “Unfortunately, most of this software is developed to be open and functional, or was developed pre-Internet, and is therefore not necessarily secure. This creates a significant vulnerability at the company’s core. Business Software Assurance teaches organizations to address potential weaknesses in their everyday operations before they become exploitable.”
Traditionally, companies have largely depended on “perimeter-based” approaches like network security to prevent data predators and criminals from gaining access to corporate information. However, the demands of today’s open business environment weaken the protection provided by firewalls and other perimeter security efforts, leaving a corporation’s applications easily accessible and vulnerable to hackers. Application security tools such as penetration testing provide some measure of protection, but typically only address the indicators of insecure software, rather than the actual cause – insecure code.
“The single biggest step for businesses to reduce risk today is to force major improvements in poorly designed and insecure software and applications,” said senior analyst John Pescatore of Gartner. “By focusing on strengthening applications at the basic code level, business can greatly increase the protection of critical customer and business data while actually reducing how much they have to spend on shielding and patching vulnerable production applications.”
Despite a burgeoning security market, in which billions of dollars are spent annually on the perimeter-only mindset, the number of large scale corporate hacks has steadily increased over the last several years. The profile of today’s data predator has evolved as well – they no longer are just deviant teenage hackers who brag about their exploits. Instead, today’s cyber criminals are organized crime rings and even nation states intent on hiding their incursions as long as possible to extract the biggest financial payout.
“As a CISO for a major telecommunications provider, I’m constantly worried that a hacker is going to find a vulnerability in one of our hundreds of applications before I do,” said Marco Bavazzano, Chief Security Officer of Telecom Italia. “Only by adopting a holistic approach such as Fortify’s Business Software Assurance and building security into our core processes, can I really mitigate this risk and protect our company.”
“The security tools out there today, be they firewalls or Pen testing, provide an incomplete solution. We continue to watch hackers find and exploit vulnerabilities at some of the world’s biggest corporations and most highly-trafficked websites,” said John Jack, CEO of Fortify Software. “We’ve had customers who regularly failed compliance audits because these solutions just weren’t cutting it alone. Today’s data predators are sophisticated and organized, and they have found ways to attack you at your weakest point – your software. You have to protect your core.”
Backed by leading venture capital firm Kleiner Perkins Caufield & Byers for its forward-thinking take on enterprise security, Fortify Software has quickly penetrated the market and established itself as a thought leader in the security field. The company more than doubled its revenue from 2006 to 2007 and made a massive overseas expansion into Europe and Asia. It has also grown its U.S. presence by developing a civilian agency-focused government team.
Fortify’s products are used worldwide by leading companies, including 9 of the top 10 global banks, and as of 2008, two-thirds of the United States’ net deposits run through Fortified code. The company recently closed a $7 million deal with the United States Air Force to deploy the cornerstone of Business Software Assurance, the Fortify 360 security suite, and it also notes as among its recent customers the three largest branches of the United States military, two of Europe’s largest telecommunications companies and its largest e-commerce site, Betfair.
“The global business environment has changed,” says Ted Schlein, a managing partner at Kleiner Perkins. “Yet, security technologies and the market mindset have not. Fortify understands this and its vision of Business Software Assurance is redefining the security market to address tomorrow’s threats today. Soon no business application will be built or purchased without going through a process that ensures it can protect itself from the inside out.”
Fortify®'s Business Software Assurance products and services protect companies from the threats posed by security flaws in business-critical software applications. Its software security suite - Fortify 360 - drives down costs and security risks by automating key processes of developing and deploying secure applications. Fortify Software’s customers include government agencies and FORTUNE 500 companies in a wide variety of industries, such as financial services, healthcare, e-commerce, telecommunications, publishing, insurance, systems integration and information management. The company is backed by world-class teams of software security experts and partners. More information is available at www.fortify.com.
Katherine Nellums
Merritt Group
415-247-1663
Nellums@merrittgrp.com