UBM: TECH DIGITAL RESOURCE LIBRARY

Fortify

Fortify Software is the leader in the category of Software Security Assurance. We provide unique security solutions that protect government agencies from today's greatest security risk: the software that runs their agencies. Government organizations throughout the US and across the globe are experiencing dramatic increases in the quantity and sophistication of cyber crime attacks. The hackers include foreign governments, organized crime, and even individuals.

As a result of the recent increase, several compliance regulations, such as FISMA, have been developed to help government agencies understand what steps need to be taken. However, most agencies find they must go beyond FISMA to ensure they are protecting the software that runs their agencies and securing their confidential data. Fortify offers a comprehensive suite of solutions, which enables an agency to conduct static analysis of an application's source code and dynamic analysis of a running application.

Our Website: http://www.fortify.com


Latest Content From Fortify

Whitepaper: Ready, Aim, Fortify! U.S. Army Deploys Application Security Regimen for its Munitions System

by Fortify, Feb 16, 2010

FEDERAL CASE STUDY
U.S. Army Deploys Application Security Regimen for its Munitions System

The Total Ammunition Management Information System (TAMIS) is the U.S. Army application that manages conventional munitions for wartime, training and testing operations across the U.S. Armed Forces.

TAMIS handles approximately 350,000 ammunition transactions per month from units located all around the world, supporting more than 7,000 authorized personnel who request, approve and manage munitions. The web-enabled system calculates combat load requirements, validates and routes electronic requests, collects expenditures, and prepares forecasts. More than 50,000 munitions reports are generated each month on the nearly $3 billion in conventional ammunition authorizations managed each year.

The primary objectives of TAMIS are to improve munitions governance and to provide military personnel with essential analytical tools that enable a trained and ready armed force.

Understand how Fortify helped the U.S. Army reduce risk from software vulnerabilities for the TAMIS project; establish a development life cycle approach to software security; and enhance the U.S. Army's security posture with a higher level of confidence.


Whitepaper: Application Security's Role in FISMA Compliance

by Fortify, Dec 17, 2009

The Federal Information Security Management Act of 2002 provides a comprehensive framework for ensuring effective information security controls for all federal information and assets. The Act aims to bolster computer and network security within the Federal Government by mandating periodic audits. Based on this framework, FISMA mandates that all government agencies report their overall security posture to the Office of Management and Budget, which in turn reports to Congress annually.

In addition, the National Institute of Standards and Technology (NIST) is chartered with developing and issuing standards and guidelines that federal agencies must follow to implement and manage cost-effective FISMA programs. It has created a risk-based framework that federal agencies can use to assess, select, monitor and document security controls for their information systems.

Still, for organizations tasked with complying with FISMA, there are many challenges. As some agencies have learned, putting NIST's 800-Series guidelines into effect requires more than simple security scans or adherence to a schedule of periodic audit and reporting cycles. Successfully meeting its requirements demands fundamental cross-organizational changes and, often, intra-agency procedures that are challenging to effect.

Compliance regulations such as these have been developed to help government agencies ensure that the software that runs their agencies is protected. This CISO's Guide to FISMA provides a checklist for Government CISOs to help understand what steps need to be taken to protect their agency's confidential data and information.


Whitepaper: A CISO's Guide to Application Security

by Fortify, Nov 24, 2009

Security breaches are expensive. They cost time, effort, remediation, and reputation restoration. Many IT decision-makers tend to focus their security efforts almost exclusively at the network perimeter. They overlook the software applications that run their day-to-day agencies. These applications are often packed with Social Security numbers, addresses, personal health information, or other sensitive data.

Focusing on security features at both the infrastructure and application level isn't enough. Organizations must also consider flaws in their design and implementation. Hackers looking for security flaws within applications often find them, thereby accessing hardware, operating systems and data. In fact, according to Gartner, 75% of security breaches are now facilitated by applications. The National Institute of Standards and Technology raises that estimate to 92%. And from 2005 to 2007 alone, the U.S. Air Force says application hacks increased from 2% to 33% of the total number of attempts to break into its systems.

To secure your agency's data, your approach must include an examination of the application's inner workings, and the ability to find the exact lines of code that create security vulnerabilities. It then needs to correct those vulnerabilities at the code level. Finally, a comprehensive prevention strategy is needed to fend off future attacks and mitigate current ones.

As a CISO, you understand that application security is important. What steps can you take to avoid a security breach? Read the CISO's Guide to Application


Whitepaper: Best Practices: ProveIT Case Study for U.S. Air Force Software Assurance Center of Excellence

by Fortify, Oct 23, 2009

ProveIT case studies provide government end users with assessments of IT solutions. This ProveIT case study examines a U.S. Air Force initiative to implement application security/software assurance practices following the massive breach of an Air Force information system.

The U.S. Air Force began realizing that it had been losing unknown quantities of data and information. These data losses came about as the Air Force moved from using closed systems or client-server systems to the open Web. Like the rest of the federal government, the Air Force was increasingly creating or acquiring Web-based systems or bolting on Web interfaces to legacy systems to open them up to outside systems and users - as well as threats and actual attacks.

This case study discusses the approach taken by the Air Force in creating the Application Software Assurance Center of Excellence (ASACoE), and its approach to implementing software security.