Fortify Software
{{Short description|American software company}}
{{Infobox company
| name = Fortify
| logo = Fortify logo.jpg
| type = Software Vendor
| genre = Software Security Assurance
| foundation = 2003
| founder = Ted Schlein of Kleiner, Perkins, Caufield & Byers, Mike Armistead, Brian Chess, Arthur Do, Roger Thornton
| location_city = San Mateo, California
| location_country = United States
| location =
| locations =
| area_served =
| key_people = John M. Jack (former CEO), Jacob West (head of Security Research Group), Brian Chess (former Chief Scientist), Arthur Do (former Chief Architect)
| industry = Computer software
| services =
| revenue =
| operating_income =
| net_income =
| assets =
| equity =
| owner = OpenText
| parent =
| divisions =
| homepage = [https://www.opentext.com/ OpenText]
[https://opentext.com/products/security-cloud OpenText Cybersecurity Cloud]
| footnotes =
| intl =
}}
Fortify Software, later known as Fortify Inc., is a California-based software security vendor, founded in 2003 and acquired by Hewlett-Packard in 2010,{{cite web |url=https://www8.hp.com/us/en/hp-news/press-release.html?id=696044 |title=HP Completes Acquisition of Fortify Software, Accelerating Security Across the Application Life Cycle |date=September 22, 2010 |access-date=December 17, 2018}}{{cite magazine |url=https://www.pcworld.com/article/115532/article.html |title=Software Searches for Security Flaws |magazine=PCWorld.com |date=April 5, 2004 |first=Paul |last=Roberts |access-date=December 17, 2018 |archive-date=December 19, 2020 |archive-url=https://web.archive.org/web/20201219074825/https://www.pcworld.com/article/115532/article.html |url-status=dead }}{{cite news |url=http://www.internetnews.com/dev-news/article.php/3335651 |title=A New Approach to Fortify Your Software |first=Jim |last=Wagner |work=Internetnews.com |date=April 5, 2004 |access-date=December 17, 2018}} Micro Focus in 2017, and OpenText in 2023.
Fortify offerings included Static application security testing (SAST){{cite web |url=https://cwe.mitre.org/compatible/questionnaires/7.html |title=HP Fortify Static Code Analyzer |access-date=December 17, 2018}} and Dynamic application security testing{{cite web |url=https://www.darkreading.com/risk/hp-unveils-real-time-application-security-testing-tool/d/d-id/1136030 |title=HP Unveils Real-Time Application Security Testing Tool |date=July 14, 2011 |website=DarkReading.com |access-date=December 17, 2018}} products, as well as products and services that support Software Security Assurance. In 2011, Fortify introduced Fortify OnDemand, a static and dynamic application testing service.{{cite news |url=https://sdtimes.com/cloud/hp-builds-up-its-security-as-a-service/ |newspaper=SD Times |title=HP builds up its Security-as-a-Service |date=February 15, 2011 |first=Victoria |last=Reitano |access-date=December 17, 2018}}
History
Fortify Software was founded by Kleiner Perkins in 2003. Fortify Inc. was acquired by HP in 2010.{{cite web |url=https://www.forbes.com/sites/andygreenberg/2010/08/18/hps-fortify-buyout-numbers-tell-lucrative-story-for-software-security/#45a88b07abb6 |title=HP's Fortify Buyout Numbers Tell Lucrative Story For Software Security |work=Forbes|date=August 18, 2010|access-date=May 4, 2020}}
On September 7, 2016, HPE CEO Meg Whitman announced that the software assets of Hewlett Packard Enterprise, including Fortify, would be merged with Micro Focus to create an independent company of which HP Enterprise shareholders would retain majority ownership.{{Citation needed|date=August 2020}}
Micro Focus CEO Kevin Loosemore called the transaction "entirely consistent with our established acquisition strategy and our focus on efficient management of mature infrastructure products" and indicated that Micro Focus intended to "bring the core earnings margin for the mature assets in the deal - about 80 percent of the total - from 21 percent today to Micro Focus's existing 46 percent level within three years."{{cite web |url=https://www.reuters.com/article/us-hpenterprise-software-microfocus-idUSKCN11D2EU |title=HP Enterprise strikes $8.8 billion deal with Micro Focus for software assets |work=Reuters |date=September 7, 2016 |last1=Sandle |first1=Paul |last2=Baker |first2=Liana B. |access-date=December 17, 2018}} The merge concluded on September 1, 2017.{{Citation needed|date=August 2020}}
OpenText acquired Micro Focus (including Fortify Software products) in 2023.
Technical advisory board
Fortify's technical advisory board was composed of Avi Rubin, Bill Joy, David Wagner, Fred Schneider, Gary McGraw, Greg Morrisett, Li Gong, Marcus Ranum, Matt Bishop, William Pugh, and John Viega.
Security research
Fortify created a security research group that maintained the Java Open Review project{{cite web |url=http://opensource.fortifysoftware.com |title=Quality and Security for Open source Community |url-status=dead |archive-url=https://web.archive.org/web/20061216235951/http://opensource.fortifysoftware.com/welcome.html;jsessionid=5672309B452895BB5576591E3A3312EB |archive-date=December 16, 2006 |access-date=December 17, 2018}} and the Vulncat taxonomy of security vulnerabilities in addition to the security rules for Fortify's analysis software.{{cite web |url=http://www.hpenterprisesecurity.com/vulncat/en/vulncat/ |title=HP Fortify Taxonomy: Software Security Errors |url-status=dead |archive-url=https://web.archive.org/web/20121127103834/http://www.hpenterprisesecurity.com/vulncat/en/vulncat/ |archive-date=November 27, 2012 |access-date=December 17, 2018}} Members of the group wrote the book Secure Coding with Static Analysis, and published research, including JavaScript Hijacking,{{cite web |url=https://www.helpnetsecurity.com/dl/articles/JavaScript_Hijacking.pdf |title=JavaScript Hijacking |date=March 12, 2007 |first1=Brian |last1=Chess |first2=Yekaterina Tsipenyuk |last2=O'Neil |first3=Jacob |last3=West |access-date=December 17, 2018}} Attacking the build: Cross build Injection,{{cite web |url=https://www.helpnetsecurity.com/2007/10/10/attacking-the-build-through-cross-build-injection/ |title=Attacking the Build through Cross-Build Injection |date=October 10, 2007 |first1=Brian |last1=Chess |first2=Fredrick DeQuan |last2=Lee |first3=Jacob |last3=West |access-date=December 17, 2018}} Watch what you write: Preventing Cross-site scripting by observing program output,{{cite web |url=https://www.owasp.org/images/9/9d/OWASP-AppSecEU08-Madou.pdf |title=Watch What You Write: Preventing Cross-Site Scripting by Observing Program Output |first1=Matias |last1=Madou |first2=Edward |last2=Lee |first3=Jacob |last3=West |first4=Brian |last4=Chess |year=2008 |access-date=December 17, 2018}} and Dynamic taint propagation: Finding vulnerabilities without attacking.{{cite journal |url=https://dl.acm.org/citation.cfm?id=1371501 |journal=Information Security Tech |title=Dynamic taint propagation: Finding vulnerabilities without attacking |doi=10.1016/j.istr.2008.02.003 |volume=13 |number=1 |pages=33–39 |date=January 2008 |access-date=December 17, 2018|last1=Chess |first1=Brian |last2=West |first2=Jacob |url-access=subscription }}
See also
References
{{reflist}}
External links
- {{Official website}}
- {{cite news |url=https://www.bloomberg.com/news/articles/2006-09-25/software-isnt-complete-unless-its-secure |title=Software Isn't Complete Unless It's Secure |work=BusinessWeek |date=September 26, 2006 |first=Bill |last=Joy |author-link=Bill Joy |access-date=December 17, 2018}}
{{HP}}
{{OpenText}}
{{DEFAULTSORT:Fortify Software}}
Category:2003 establishments in California
Category:Hewlett-Packard acquisitions
Category:American companies established in 2003
Category:Software companies established in 2003
Category:Static program analysis tools
Category:Software companies based in the San Francisco Bay Area
Category:Companies based in San Mateo, California
Category:2010 mergers and acquisitions
Category:2017 mergers and acquisitions
Category:Micro Focus International