Fortify Software Contributes Software Security Research to Open Source Community

Fortify Software, Inc. Aug 04, 2006


Classification of Security Vulnerabilities Available Through OWASP to Promote Secure Software Development

PALO ALTO, Calif., July 31 / -- Fortify Software Inc., the leading provider of products that identify and remediate security vulnerabilities in software to mitigate enterprise security risk, today announced that it has contributed an extensive classification of software security errors to the non-profit Open Web Application Security Project (OWASP). The classification of 115 security vulnerability categories will help software developers and security practitioners understand the common coding mistakes that affect software security and more readily identify security problems. OWASP will help manage the research from Fortify Software as part of the organization's library of free, unbiased open source documentation, tools and standards.

"OWASP is assembling the most comprehensive guide to application security principles, threats, attacks, vulnerabilities, and countermeasures ever attempted," said Jeff Williams, chairman of OWASP. "Integrated with the rest of our materials, Fortify Software's vulnerability research will help anyone acquiring, designing, building, testing, or deploying critical applications make informed decisions about application security."

The classification of software security errors entitled the "Seven Pernicious Kingdoms" organizes security vulnerabilities into seven top level sets of security problems that can be used to help software developers understand the types of coding errors that can increase security risk. By better understanding how systems fail, developers will better analyze the software they create, more readily identify and address security problems when they see them, and generally avoid repeating the same mistakes in the future.

"When put to work in an analysis tool, a set of security rules organized according to this classification is a powerful mechanism for reducing security risk," said Dr. Brian Chess, Chief Scientist at Fortify Software. "Software development practices have only just begun to look at the myriad of ways security problems factor into coding -- making a classification like this available should provide tangible benefits to the software security community."

Classification of Software Security Errors

Together with a research team that included Katrina Tsipenyuk of the Fortify Security Research Group and Gary McGraw, the chief technology officer of Cigital, Dr. Chess identified 115 security vulnerability categories present in today's software and organized them in top-level "kingdoms" which include:

o Input Validation and Representation
o API Abuse
o Security Features
o Time and State
o Errors
o Code Quality
o Encapsulation

The full classification and the research that accompanies it is available at www.owasp.org/index.php/Category:OWASP_Honeycomb_Project . In addition, the classification can also be found at http://vulncat.fortifysoftware.com/.

About OWASP

OWASP was formed in 2000 and has almost 5,000 members and 73 chapters globally. The OWASP Foundation is a non-profit organization made up of all-volunteer participants. OWASP's mission is to find and fight the causes of insecure software. OWASP enables organizations to develop, maintain, and purchase applications that they can trust through the development of free, open, and unbiased application security documentation, tools, chapters, and conferences. More information is available at www.owasp.org .

About Fortify Software, Inc.

Fortify Software products protect companies from the threats posed by security flaws in business-critical software applications. Its software security products, Fortify Source Code Analysis Suite, Fortify Security Tester and Fortify Application Defense, drive down costs and security risks by automating key processes of developing and deploying secure applications. More information is available at www.fortifysoftware.com.

Source: Fortify Software Inc.

CONTACT:
Kim Milosevich of OutCast Communications,
+1-415-392-8282,
or kim@outcastpr.com,
for Fortify Software, Inc.

Web site: www.owasp.org/

Web site: www.fortifysoftware.com/

White Papers & Case Studies

View All White Papers & Case Studies

View All Resources

All Topics

Manufacturing Innovation

Industry Trends

Engineering & Design

Sales & Marketing

Supply Chain

Career & Workforce

Company News

New Products

Thomas Index

Daily Bite

Find Suppliers, Insights, Tools and More...

Become part of North America's largest and most active network of B2B buyers and industrial/commercial suppliers.

Select From Over 500,000
Industrial Suppliers

Find and evaluate OEMs, Custom Manufacturers, Service Companies and Distributors.

Receive Daily
Industry Updates

Stay up to date on industry news and trends, product announcements and the latest innovations.

Search Over
6 Million Products

Find materials, components, equipment, MRO supplies and more.

Download 2D & 3D
CAD Models

10+ million models from leading OEMs, compatible with all major CAD software systems.
Start Sourcing Suppliers Claim Your Company Profile ico-arrow-default-right
Cookie Policy
Close
Thomas uses cookies to ensure that we give you the best experience on our website. By using this site, you agree to our Privacy Statement and our Terms of Use.
Accept