Winner: Fortify Software for Fortify 360
Businesses are increasingly reliant on software to run their businesses, whether it's a website, a partner system or an internal application. Most software was developed without security in mind, which has led to significant data breaches. In order to combat this threat, companies are purchasing new technologies that either analyze an application's source code, try to hack a running application, or proactively protect a deployed application. However, companies have been slowed by the lack of integration. Each technology produces its own set of results that can't be correlated with the others. Fortify offers all three, and Fortify 360 offers them in one solution. Fortify 360 analyzes the code, tests the running application and then protects it once deployed – all while feeding information about the application back to a central server, where the results are correlated and prioritized.
Competitors have introduced point solutions that execute on a single component of Fortify 360. For example, there are competitors focusing just on source code analysis, dynamic testing or real-time protection (application firewalls). However, few of these companies have been able to integrate all three capabilities or create the ability to correlate and prioritize results, enabling security and development teams to identify the most comprehensive and accurate list of vulnerabilities as well as to manage the process of securing applications throughout the development lifecycle together.
Fortify Software's Fortify 360 correlates information from a source code scan, a dynamic security test and real-life attack data from an application firewall to provide the most insight into how an application is vulnerable. It includes the Collaboration Module, which presents a centralized interface for development teams and security teams to work together in the process of fixing the vulnerabilities in an app. It allows an organization to centrally manage, track and report on the process of testing and securing applications while providing threat intelligence.Finalists 2009
- Fortify Software for Fortify 360
- Hewlett-Packard for HP DevInspect
- IBM for IBM Rational AppScan Developer Edition
- RSA, the security division of EMC, for RSA BSAFE
- VeriSign for VeriSign Code Signing