Archive Press Release
(Products mentioned in this Archive Press Release may or may not be available from the manufacturer.)
Fortify Software, Inc
Release date: January 30, 2007
Fortify Software Expands Vulnerability Detection to Combat New Security Threats against Software
PALO ALTO, Calif., Jan. 30 -- Fortify Software Inc., the market-leading provider of software security products, today announced the release of a major update to the Fortify Secure Coding Rulepacks that drive the award-winning vulnerability identification of Fortify Source Code Analysis (SCA). The update adds support for 34 new categories of vulnerabilities and expands coverage of other critical vulnerabilities, such as Cross-Site Scripting and SQL Injection, which are among the most prevalent vulnerabilities in software today.
"Even as organizations take a proactive approach to securing their software, malicious users and other parties are finding new attack vectors to exploit," said Barmak Meftah, VP of Products and Services at Fortify Software. "Fortify's secure coding rules represent the cutting edge in security vulnerability assessment and are critical to keeping applications secure against the increasing number of attacks."
Fortify regularly makes these new rules available to customers, ensuring that Fortify products such as Fortify SCA, Fortify Tracer, and Fortify Defender are kept on the cutting edge of vulnerability identification. Fortify's Security Research Group, comprised of software security experts that focus entirely on identifying new threats and developing ways to protect against them, compile the new rules through ongoing research. Thanks to this effort, Fortify Software continues to lead the industry by identifying over 150 categories of vulnerabilities in software.
The updated Secure Coding Rulepacks include: o Increased breadth: 34 new distinct vulnerability categories. o Enhanced support for .NET: 24 new vulnerability categories and coverage for five new third-party libraries, including the Microsoft Enterprise Library. o Expanded JSP support: Coverage for popular tag libraries, including JSTL and Apache Struts, for enhanced protection from cross-site scripting and SQL injection attacks. o Detection of persistent Cross-Site Scripting vulnerabilities: Fortify SCA now detects one of the most common and difficult to identify forms of cross-site scripting, which occurs when malicious data from an attacker is stored in a database and later included in dynamic content sent to a victim.
Fortify SCA 4.0, released in October 2006, is the most widely used and effective solution to find and fix software vulnerabilities at the root cause early in the development cycle. Its advanced features help developers identify and resolve issues with less effort, while enabling security leads to review and prioritize more code in less time. Fortify SCA supports a wide variety of languages, frameworks and operating systems and delivers depth and accuracy in its results. It can be tuned to be comprehensive when completeness is needed or extremely targeted for day-to-day use. Fortify SCA makes triage, audits and remediation fast and effective for any organization.
About Fortify Software, Inc.
Fortify Software products protect companies from the threats posed by security flaws in business-critical software applications. Its software security products, Fortify SCA, Fortify Manager, Fortify Tracer and Fortify Defender, drive down costs and security risks by automating key processes of developing and deploying secure applications. Fortify Software's customers include government agencies and Fortune 500 companies in a wide variety of industries such as financial services, healthcare, e-commerce, telecommunications, publishing, insurance, systems integration and information management. The company is backed by a world-class team of software security experts and partners. More information is available at www.fortifysoftware.com.
Source: Fortify Software Inc.
CONTACT: Kim Milosevich of OutCast Communications, +1-415-392-8282, kim@outcastpr.com, for Fortify
News provided by ThomasNet Industrial Newsroom® (TIN). TIN is a comprehensive source
of new and timely product information in the industrial marketplace. TIN supplies new product
information to the web sites, e-marketplaces and print publications that serve the
industrial marketplace. For press release submissions please go to
http://www.productnews.com/SubmitPRPage.html.
BY ACCESSING, BROWSING AND/OR USING THIS WEB SITE AND/OR ANY WEB SITES PROVIDED BY
ProductNews.com, YOU AGREE TO BE BOUND BY THE TERMS OF USE
AGREEMENT.
