
Fortify Software

former Independent Software Vendor
Industry Computer software
Genre Software Security Assurance
Founded 2003
Founder Ielizarov Andrii, Ted Schlein of Kleiner, Perkins, Caufield & Byers, Mike Armistead, Brian Chess, Arthur Do, Roger Thornton
Headquarters San Mateo, California, United States
Key people John M. Jack (former CEO), Jacob West (head of Security Research Group), Brian Chess (former Chief Scientist), Arthur Do (former Chief Architect)
Owner Hewlett Packard Company
Website HP Software Security web page and HP Fortify Software Security Center Server

Fortify Software, known now as Fortify, was a California-based software security vendor, founded in 2003 and acquired by Hewlett-Packard in 2010.[1] Fortify is now part of HP Enterprise Security Products in the HP Software business, providing application security products and services for enterprise customers to assess, assure and protect enterprise software and applications from security vulnerabilities.[2][3]



Technical advisory board

Fortify's technical advisory board was composed of Avi Rubin, Bill Joy, David A. Wagner, Fred Schneider, Gary McGraw, Greg Morrisett, Li Gong, Marcus Ranum, Matt Bishop, William Pugh and John Viega.

Security research

Fortify created a security research group that maintained the Java Open Review project[4] and the Vulncat taxonomy of security vulnerabilities in addition to the security rules for Fortify's analysis software.[5] Members of the group wrote the book, Secure Coding with Static Analysis, and published research, including JavaScript Hijacking,[6] Attacking the build: Cross build Injection,[7] Watch what you write: Preventing Cross-site scripting by observing program output[8] and Dynamic Taint Propagation: Finding Vulnerabilities Without Attacking.[9]


Offerings

Fortify offerings included Static Application Security Testing[10] and Dynamic Application Security Testing[11] products, as well as products and services to support Software Security Assurance, or repeatable and auditable secure behaviors, over the course of a software application's life cycle.[12]

In February 2011, Fortify also announced Fortify OnDemand, a static and dynamic application testing service.[13]

References


  1. HP Press Release: "HP Completes Acquisition of Fortify Software, Accelerating Security Across the Application Life Cycle", September 22, 2010.
  2. "Software Searches for Security Flaws" (English), April 5, 2004.
  3. "A New Approach to Fortify Your Software", April 5, 2004.
  4. "Quality and Solutions for Open source Community"
  5. "Software security errors"
  6. "JavaScript Hijacking"
  7. "Attacking the Build through Cross-Build Injection"
  8. "Watch What You Write: Preventing Cross-Site Scripting by Observing Program Output"
  9. "Dynamic taint propagation"
  10. Fortify SCA
  11. Fortify Runtime
  12. HP Fortify Governance
  13. SD Times, "HP builds up its Security-as-a-Service", February 15, 2011.

External links

  • HP Fortify website
  • Fortify Product
  • HP Software official site
    • Gartner report, on Fortify website
  • Java Open Review Project
  • Software Isn't Complete Unless It's Secure, BusinessWeek, September 26, 2006 - Article on Fortify by Bill Joy
  • Fortify OnDemand