Analysis Tools identify/resolve software security risks.
Press Release Summary:
To ensure application security, Source Code Analysis v3.5 lets users identify, prioritize, and resolve security flaws in software applications before they ship. Solution incorporates Structural Analyzer and runs automated security checks on software code bases to detect over 115 vulnerability categories via Secure Coding Rulepacks. Language support includes .NET languages, and IDE features plug-in support for Eclipse, Visual Studio, and IBM WSAD environments.
Original Press Release:
Fortify Announces New Source Code Analysis Tools to Identify and Resolve Software Security Risks
PALO ALTO, Calif., Jan. 9 / -- Fortify Software, Inc. today announced Source Code Analysis 3.5, a powerful advancement in functionality for its award-winning Source Code Analysis suite. Designed to ensure a higher level of application security, the new enhancements improve the ability for software developers and development managers to identify, prioritize and resolve security flaws in software applications before they are shipped or deployed in order to mitigate enterprise security risk.
Fortify Source Code Analysis 3.5 include the following new and expanded components:
-- New Structural Analyzer detects potentially dangerous flaws in the structure or definition of a program.
-- Expanded language support that includes .NET languages such as C#, VB.NET and ASP.NET
-- The addition of over 48 new vulnerability categories that will be referenced by Source Code Analysis
-- Significant enhancements to Integrated Developer Environment (IDE) plug-in support for Eclipse, Visual Studio and IBM WSAD environments
"Fortify Source Code Analysis has been adopted by leading enterprises such as Wells Fargo, eBay, Oracle and Cingular as the premier solution for finding, tracking and fixing security vulnerabilities in software applications," said Barmak Meftah, Vice President of Engineering and Operations, Fortify Software. "Version 3.5 expands our feature set so companies can scale their software security efforts by auditing more code with higher confidence and in less time than they could before."
Fortify's powerful source code analyzers run comprehensive, automated security checks on software code bases to detect over 115 vulnerability categories across popular languages and platforms. In version 3.5, Fortify Source Code Analysis includes a new Structural Analyzer and expansion of its list of supported languages that includes Java, C/C++, XML, PL/SQL, and .Net C# 1.0, to include:
-- .Net 2.0 support for C# 2.0, VB.NET 2.0, ASP.NET 2.0
-- Microsoft T-SQL support
-- Expanded JSP support for BEA Weblogics and IBM Websphere
By understanding the way programs are structured, the new Structural Analyzer identifies vulnerabilities that are often difficult to detect through inspection because they encompass both the declaration and use of variables and functions. For example, the Structural Analyzer detects assignment to member variables in Java servlets, identifies the use of loggers that are not declared "static final", and flags instances of dead code that will never be executed because of a predicate that is always false. This new analyzer joins Fortify's stable of data flow, configuration, semantic and control flow analyzers to provide the most comprehensive and accurate coverage of security vulnerabilities in the industry.
Fortify's Secure Coding Rulepacks now contain thousands of rules in more than 115 vulnerability categories that provides comprehensive coverage of over 35,000 permutations which would be virtually impossible to track manually. The Rulepacks recognize sources of tainted input combined with known unsafe functions, function call sequences and application configurations. Fortify's security experts and partners continually update the rulepacks based on a rich store of security knowledge around common programming practices used in application development.
Version 3.5 also includes significant enhancements to its support for popular IDEs, including Visual Studio 2003 and Visual Studio 2005, Eclipse 3.0 and above, and IBM WSAD 5.0 and 6.0. Now developers can use powerful functionality previously only part of Fortify Audit Workbench to discover and remediate flaws in a familiar environment while they code.
About Fortify Software, Inc.
Fortify Software products protect companies from the threats posed by security flaws in business-critical software applications. Its flagship software security suites, Fortify Source Code Analysis and Fortify Security Tester, drive down costs and security risks by automating key processes of developing secure applications prior to deployment. Fortify Software is backed by leading investors, including Kleiner, Perkins, Caufield & Byers, and a world-class team of software security advisors and partners. More information is available at www.fortifysoftware.com.
CONTACT: Kim Milosevich of OutCast Communications, +1-415-392-8282, or kim@outcastpr.com, for Fortify
