Fortify moves software security into the cloud

The new software-as-a-service (SaaS) application allows customers to use Fortify's analysis technologies to inspect the security of applications when the source code is not available from commercial software vendors.

"Virtually every organisation today is built and operated on software," said Barmak Meftah, senior vice president of products and technology at Fortify.

"Implementing software security assurance is imperative to mitigating the business risk associated with vulnerable applications, whether built in-house, outsourced or acquired from commercial vendors."

Fortify's first SaaS venture is designed to help security teams assess and verify the security of third-party software, while allowing the vendor to stay in control of the process and the source code.

This helps to maintain trust between both parties, according to Fortify.

Software vendors can use the platform to upload binaries, have a scan conducted, address any issues and publish a report summarising the security of their application back to the security team.

"For most organisations, third-party software represents a majority of their deployed applications, but often they have little visibility into the security of that software aside from constant, disruptive patches," said Roger Thornton, co-founder and chief technology officer at Fortify.

This reactive model is outdated, according to Thornton, and can hinder business processes as well as potentially create security risks.

"Enterprises today face intense pressure to implement application security from compliance mandates, customers and, obviously, the increasing threat of cyber criminals and hackers," said Joseph Feiman, a research vice president and fellow at analyst firm Gartner.

"An effective programme of software security governance enables enterprises to meet these challenges, and make security part of the corporate DNA."

Fortify has also announced version 2.0 of its cornerstone software security suite, Fortify 360, designed to contain, remove and prevent vulnerabilities in software applications.

The suite now includes governance capabilities allowing enterprises to fully manage an organisation-wide software security assurance effort.

Fortify 360 Version 2.0 is available now, while Fortify Vendor Security Management will be released on 20 April.

A beta version will be made available to registered users from 6 April.