Fortify Software Introduces Fortify Source Code Analysis Suite 4.0

Industry-Leading Software Security Product Provides New Benefits to

Development, Audit, and Security Teams

Oct 02, 2006, 01:00 ET from Fortify Software, Inc.

    PALO ALTO, Calif., Oct. 2 /PRNewswire/ -- Fortify Software, the leading
 provider of security products that help companies identify, manage and
 remediate software vulnerabilities, today announced the immediate
 availability of Fortify Source Code Analysis Suite 4.0. The latest edition
 of Fortify's award-winning software security suite builds on its proven
 record of identifying and eliminating the most security vulnerabilities,
 and introduces important new features that will benefit development, audit,
 and information security teams for enterprise deployments.
     "Securing exposed applications and Web services continues to be a
 critical enterprise need," said Mike Armistead, Vice President of Products,
 Fortify Software. "Fortify Source Code Analysis Suite is the de facto
 standard in source code security analysis and this new version provides
 significant enhancements based on the experience from our multi-industry,
 wide-ranging deployments across the globe."
     For Information Security teams, Fortify Source Code Analysis 4.0 offers
 increased support for enterprise deployments, including additional
 management controls, increased customization capabilities, and expanded
 reporting abilities. For Software Security Auditors, it provides an
 enhanced rule writing capability and increased clarity into the analysis
 process. For Developers, Fortify Source Code Analysis 4.0 brings expanded
 language support, integration with the popular open-source defect detection
 tool Findbugs, and a new "touchless build" feature that makes integrations
 with build and development environments even easier.
     "Fortify Source Code Analysis 4.0 delivers enhanced performance and
 advanced features, providing customers with the confidence that their
 software is secure and therefore complete," said Barmak Meftah, Vice
 President of Engineering, Fortify Software. "These new features further
 enhance the product to better support development and security
 organizations from the desktop to the enterprise."
     About Fortify Source Code Analysis Suite 4.0
     Fortify Source Code Analysis Suite delivers market leading capabilities
 that help security, testing and development teams eliminate security
 vulnerabilities in software applications. Fortify Software's patent-pending
 technology delivers the most accurate and reliable results, with low false
 positives. An extensive knowledge base of secure coding rules provides
 confidence that critical vulnerabilities will be identified and eliminated
 in order to make software complete before it is deployed.
     Fortify Source Code Analysis Suite is designed to be implemented
 quickly and efficiently with customer environments, and seamlessly analyzes
 across application architectural tiers, languages (Java, .NET (C#, VB),
 C/C++, JSP, PL/SQL, Cold Fusion, T-SQL, & XML), platforms (Windows, Linux,
 Solaris, AIX, Mac OS X), and systems. In addition, it provides customizable
 reporting and rules capabilities to provide tailored results that meet
 different groups' needs.
     Fortify Source Code Analysis 4.0 new features include:
     -- Expanded Support for Enterprise Deployments, including:
        - Fortify Software Security Manager 4.0 adds new reports and options to
          its pre-packaged reports.  Gain insight and share valuable data with
          new reports such as the Single Scan Report -- a report that brings
          together relevant information from an individual scan, including top
          10 problem files, vulnerability category distribution and issue
        - Improved report file format support lets organizations create custom
          reports in more formats, including Microsoft Word.
        - Fortify Software Security Manager's dashboard view can now be
          personalized to display select projects and groups for each
          authorized user.
        - Fortify Software Security Manager enhances and expands its reporting
          capabilities for project groups.  With Version 4.0, you can report on
          projects however you define them -- per single code module or a
          logical grouping of many applications.
        - Fortify Software Security Manager leverages current investments, and
          makes permission management significantly easier.   Users can now:
          * manually define custom user groups
          * select from an organization's existing LDAP-compatible user
            directory (such as Microsoft Active Directory).  Fortify Software
            Security Manager will inherit groups, project permissions and
            authorization roles already defined by the LDAP directory.
        - Fortify Software Security Manager's database records can be encrypted
          for increased security.
     -- Findbugs Integration:  Findbugs, a popular open-source program that
        discovers over 250 bug types in Java code, has been integrated into
        Fortify Audit Workbench.  Now developers can review quality and
        security defects together, saving time and improving the ease of use.
     -- Touchless Builds:  Get results quickly through easy integration with
        build and development environments.  Complex systems which utilize
        standard build tools such as Apache ant, Unix make, and Windows make
        can be analyzed in their entirety with a single Fortify SCA command.
     -- Results Certification:  This new capability provides source code
        security auditors and security teams with exact details of what files,
        settings, and rules were used in an analysis.
     -- Custom Structural Rules:  Security leads can now create custom
        structural rules, including rules that search for comments or string
        literals in C/C++ and Java source code.
     -- Additional Language Support:  Fortify now offers support for Cold
        Fusion 5.0 and JSP Expression Language, as well as expanded structural
        analysis for .NET.
     -- Storage and Performance Improvements:  Fortify Source Code Analysis
        engine now produces highly compressed results files, dramatically
        reducing storage requirements and upload speeds into Fortify Audit
        Workbench and Integrated Development Environments.
     About Fortify Software, Inc.
     Fortify Software products protect companies from the threats posed by
 security flaws in business-critical software applications. Its software
 security products, Fortify Source Code Analysis Suite, Fortify Security
 Tester and Fortify Application Defense drive down costs and security risks
 by automating key processes of developing and deploying secure
 applications. Fortify Software's customers include government agencies and
 Fortune 500 companies in a wide variety of industries such as financial
 services, healthcare, e-commerce, telecommunications, publishing,
 insurance, systems integration and information management. The company is
 backed by a world-class team of software security experts and partners.
 More information is available at .

SOURCE Fortify Software, Inc.