August 15, 2006; 04:16 AM
Fortify Software, provider of source code analysis products and Watchfire, provider of web application vulnerability assessment software and services, announced a strategic partnership that will integrate the two companies' best-of-breed solutions. The integration of Fortify(R) Source Code Analysis Suite and Watchfire(R) AppScan(R) will bring to market a single solution to easily identify, analyze and remediate security vulnerabilities throughout the software development lifecycle (SDLC).
Customers will benefit from a single user interface to view vulnerability data in one dashboard. Correlating source code and web application security scan results will increase the precision of identifying security vulnerabilities, provide critical information that helps users understand the impact vulnerabilities will have on the compiled code, and pinpoint specifically where errors exist -- easing the remediation process. The partnership also includes joint marketing and reselling opportunities.
Fortify Source Code Analysis Suite and Watchfire AppScan check for security vulnerabilities throughout the SDLC from development through deployment. AppScan scans web applications in pre- and post-deployment and analyzes them for security vulnerabilities. Fortify Source Code Analysis Suite finds, tracks and helps fix the exact code where security vulnerabilities lie, allowing developers to deliver secure software quickly and efficiently. When combined, the two market-leading solutions will achieve an even higher level of precision in recognizing security vulnerabilities and identifying the exact cause and location of errors within the source code.
"Scanning both raw source code and compiled web applications for software vulnerabilities is essential to ensuring the security of application systems," said Bruce H. Bonsall, Chief Information Security Officer, MassMutual Financial Group. "Today we use two different tool sets to accomplish those separate but related tasks. Having one interface to monitor the results of both code scanning and web vulnerability testing of our applications will likely save us time and resources. I like the decision by Fortify and Watchfire to align their development and marketing efforts. By virtue of such a partnership, the integration of the tools isn't left to the end users and they don't need to navigate two different interfaces. That helps simplify things and lets users focus on more important issues."
According to Gartner research, "Through 2010, software development organizations that integrate security into their software development life cycles will experience an 80 percent decrease in critical vulnerabilities found in their publicly released software or externally facing web applications."(1)
Fortify and Watchfire's integrated solution will bring to market the following advantages to developers and security experts:
-- An integrated dashboard that will provide high-level visibility across the enterprise enabling companies to pinpoint and identify application vulnerabilities throughout their entire organization
-- Improved visibility, metrics and compliance reporting
-- Correlation between Watchfire AppScan and Fortify's Source Code Analysis results will lead to better accuracy and completeness of the findings
-- The ability to identify, analyze and remediate security vulnerabilities throughout the software development lifecycle (SDLC) with one solution
Both the Fortify and Watchfire solutions work with existing development and audit tools, thus increasing the efficiency and accuracy of the software development, testing and resolution processes.
"Having built the first patent-pending solution that integrates source code analysis and black-box testing, we believe it's critical to combine these two capabilities into one solution and deliver a single dashboard interface and increased precision for software security overall," said John M. Jack, Chief Executive Officer, Fortify Software. "We chose to partner with Watchfire not only because they are the undisputed leader in black-box testing and the solution of choice for many of our customers, but because the partnership could quickly deliver on this vision of a best-of-breed, integrated solution demanded by our customers. Together, we can reach a larger audience of customers with a more comprehensive software security solution."
"In 2006, research from two leading industry analyst firms indicated that Watchfire is the market-share leader in application security testing solutions. By joining forces with Fortify, the market leader in source code analysis, we have created a very powerful partnership with over 900 combined customers," said Peter McKay, Chief Executive Officer, Watchfire. "Our respective customers are interested in combining both web application scanning and code scanning for an exponentially more secure software development lifecycle that not only yields higher quality applications, but is more cost-effective in the long run. Through this partnership, the market will benefit from an unprecedented and integrated solution combining the industry's most proven and widely adopted technologies."
Watchfire and Fortify will conduct joint demonstrations of the AppScan and Source Code Analysis Suite integration at the Cyber Security Executive Summit 2006 on September 13 - 14, 2006 at the Jacob Javits Center in New York City.
About Fortify Software, Inc.
Fortify Software products protect companies from the threats posed by security flaws in business-critical software applications. Its software security products, Fortify Source Code Analysis Suite, Fortify Security Tester and Fortify Application Defense, drive down costs and security risks by automating key processes of developing and deploying secure applications. Fortify Software's customers include government agencies and Fortune 500 companies in a wide variety of industries such as financial services, healthcare, e-commerce, telecommunications, publishing, insurance, systems integration and information management. The company is backed by a world-class team of software security experts and partners. More information is available at www.fortifysoftware.com.
About Watchfire
Watchfire provides Online Risk Management software and services to help ensure the security and compliance of websites. More than 500 enterprises and government agencies, including AXA Financial, SunTrust, HSBC, Vodafone, Veterans Affairs and Dell rely on Watchfire to audit and report on issues impacting their online business. Watchfire has been the recipient of several industry honors including the HP/IAPP Privacy Innovation Award, InfoSecurity Product Guide's Hot Security Company 2006, Computerworld's Innovative Technology Award, and "Recommended" rating by Computer Reseller News. Watchfire was named by IDC as the worldwide market-share leader in Web application vulnerability assessment software. Watchfire's partners include IBM Global Services, Sapient, PricewaterhouseCoopers, TRUSTe, Microsoft, Interwoven, WebTrends, EMC Documentum and Mercury. Watchfire is headquartered in Waltham, MA. For more information, please visit www.watchfire.com.
Watchfire, WebXM, AppScan, PowerTools, the Bobby Logo and the Flame Logo are trademarks or registered trademarks of Watchfire. All other products, company names, and logos are trademarks or registered trademarks of their respective owners.
(1)Source: Gartner Research, "Integrate Security Best Practices and Tools Into Software Development Life Cycle," 10 February 2006, Amrit T. Williams, Neil MacDonald.
PRESS BY MONTH
EDITOR'S DESK
SUBMIT PRESS
