Fortify Software Source Code Analysis

August 15, 2007

The Fortify offering is a software-based solution that is also a CASE (computer-aided software engineering) utility. Any source code can be reviewed with the Source Code Analysis (SCA) suite. This ties tightly to the PCI-DSS standards, which require code reviews, and it should also be part of an SDLC (system development life cycle). The use of source code analysis is, of course, the best way to spot flaws and, unlike most of the products we tested, is not a black-box test.
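To make concrete what distinguishes source code analysis from a black-box test, here is a small static analysis pass added for this review; it is illustrative code, not part of Fortify SCA or its rule set. It walks the syntax tree of a program without running it and flags a SQL statement assembled by string concatenation or formatting and then handed to a database cursor's execute method (the cursor method names are an assumption, and the embedded sample program is constructed for the example). A black-box scanner would have to find the same flaw by sending input to a running application; the static pass finds it from the source alone.

```python
"""Minimal static source-code analysis pass (illustrative, not Fortify code).

Walks the abstract syntax tree of Python source and reports the classic
SQL injection pattern: a query string built dynamically (concatenation,
%-formatting, str.format or an f-string) that reaches a cursor sink.
"""
import ast

# Assumed sink method names (DB-API cursor methods); not from the review.
SINKS = {"execute", "executemany"}


def _is_string_build(node: ast.AST) -> bool:
    """True if the expression assembles a string at run time (heuristic)."""
    if isinstance(node, ast.JoinedStr):                      # f"...{x}"
        return True
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        return True                                          # "a" + b, "%s" % x
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format"):
        return True                                          # "...".format(x)
    return False


class SqlBuildFinder(ast.NodeVisitor):
    """Tracks variables assigned a built string and checks calls into sinks."""

    def __init__(self) -> None:
        self.findings = []   # (line number, message)
        self.tainted = {}    # variable name -> line where a built string was assigned

    def visit_FunctionDef(self, node: ast.FunctionDef) -> None:
        self.tainted = {}    # per-function scope is enough for this example
        self.generic_visit(node)

    def visit_Assign(self, node: ast.Assign) -> None:
        if _is_string_build(node.value):
            for target in node.targets:
                if isinstance(target, ast.Name):
                    self.tainted[target.id] = node.lineno
        self.generic_visit(node)

    def visit_Call(self, node: ast.Call) -> None:
        func = node.func
        if isinstance(func, ast.Attribute) and func.attr in SINKS and node.args:
            arg = node.args[0]
            built_inline = _is_string_build(arg)
            built_earlier = isinstance(arg, ast.Name) and arg.id in self.tainted
            if built_inline or built_earlier:
                self.findings.append(
                    (node.lineno, f"dynamically built SQL passed to {func.attr}()"))
        self.generic_visit(node)


def scan_source(src: str):
    """Return a list of (line, message) findings for the given source text."""
    finder = SqlBuildFinder()
    finder.visit(ast.parse(src))
    return finder.findings


# Constructed sample program: one concatenated query, one parameterized
# query (safe), one f-string query.
SAMPLE = '''\
def lookup(cur, username):
    query = "SELECT * FROM users WHERE name = '" + username + "'"
    cur.execute(query)

def lookup_safe(cur, username):
    cur.execute("SELECT * FROM users WHERE name = %s", (username,))

def lookup_fmt(cur, uid):
    cur.execute(f"SELECT * FROM users WHERE id = {uid}")
'''

if __name__ == "__main__":
    for line, msg in scan_source(SAMPLE):
        print(f"line {line}: {msg}")
```

The pass reports the concatenated query (the variable is tainted at its assignment and reaches the sink two lines later) and the f-string query, but not the parameterized one, because its first argument is a constant. Real SCA tools do the same thing with far richer data-flow tracking across functions and files, and with rule sets covering many sink types, which is why a commercial suite updates its rules quarterly.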

The SCA suite supports many languages, including ASP.NET, C/C++, C#, ColdFusion, Java, JSP, PL/SQL, T-SQL, XML, VB.NET and other .NET languages. It also supports several development environments, such as Microsoft Visual Studio, Eclipse, WebSphere Application Developer and IBM Rational Application Developer, and it can be installed on a variety of operating systems, including Windows, Mac, Solaris, Linux, AIX and HP-UX.

The installation of the suite was simple, and the utility automatically downloads updates as part of the installation process. The process was somewhat time-consuming while it configured the system, but the installer performs most of the configuration without the need for user intervention. All in all, the installation process was among the simplest in this Group Test.

The suite arrived with a guide for the initial installation in hard copy. A PDF version of the document is also available, but the PDF is neither indexed nor searchable, so it has to be read through manually.

Support is offered through phone and a password-protected web portal, and also through email. In addition, the standard price allows for quarterly updates to the latest security tests for code review. Phone support is available 6 a.m. to 6 p.m. Pacific Standard Time.

The pricing for the Source Code Analysis Suite is $1,200 per developer. This places the SCA suite at the low end of the spectrum; for a feature-rich CASE environment, this price is definitely a value.

Product title: Fortify Software Source Code Analysis
Product info: Name: Source Code Analysis Suite; Price: $600 per developer
Strength: Scans code prior to implementation to catch holes before they happen.
Weakness: For the non-full-time programmer, the utility might be a bit tricky.
Verdict: A great CASE program, which should be used as part of any system development lifecycle.