Business Software Assurance Changes IT Security Landscape

Market Leader Fortify Software Presents New Approach to Protecting the
Enterprise

    SAN MATEO, Calif., March 31 /PRNewswire/ -- Fortify(R) Software, the
market leader in enterprise application security solutions, announced today
Business Software Assurance (BSA) http://www.fortify.com/bsa, a new security
strategy that provides organizations a blueprint for minimizing business risks
associated with the exploitation of software and vital corporate assets.
    Business Software Assurance, a holistic approach to protecting corporate
digital assets at the most fundamental level -- where they reside in software
-- is based on the premise that enterprise security must come from within.
Anchored by the release of Fortify 360 (see separate press release), Business
Software Assurance is Fortify's vision for changing the mindset around
security, so that enterprises can reduce business risk and adhere with
stringent compliance mandates while protecting their company from the inside
out.
    "Businesses today are built and operated by software that houses
intellectual property, business processes and trade secrets that are vital to
the health of an enterprise," said Roger Thornton, Fortify's Chief Technology
Officer and a company founder.  "Unfortunately, most of this software is
developed to be open and functional, or was developed pre-Internet, and is
therefore not necessarily secure. This creates a significant vulnerability at
the company's core.  Business Software Assurance teaches organizations to
address potential weaknesses in their everyday operations before they become
exploitable."
    Traditionally, companies have largely depended on "perimeter-based"
approaches like network security to prevent data predators and criminals from
gaining access to corporate information.  However, the demands of today's open
business environment weaken the protection provided by firewalls and other
perimeter security efforts, leaving a corporation's applications easily
accessible and vulnerable to hackers.  Application security tools such as
penetration testing provide some measure of protection, but typically only
address the indicators of insecure software, rather than the actual cause --
insecure code.
    "The single biggest step for businesses to reduce risk today is to force
major improvements in poorly designed and insecure software and applications,"
said senior analyst John Pescatore of Gartner.  "By focusing on strengthening
applications at the basic code level, business can greatly increase the
protection of critical customer and business data while actually reducing how
much they have to spend on shielding and patching vulnerable production
applications."
    Despite a burgeoning security market, in which billions of dollars are
spent annually on the perimeter-only mindset, the number of large scale
corporate hacks has steadily increased over the last several years. The
profile of today's data predator has evolved as well -- they no longer are
just deviant teenage hackers who brag about their exploits.  Instead, today's
cyber criminals are organized crime rings and even nation states intent on
hiding their incursions as long as possible to extract the biggest financial
payout.
    "As a CISO for a major telecommunications provider, I'm constantly worried
that a hacker is going to find a vulnerability in one of our hundreds of
applications before I do," said Marco Bavazzano, Chief Security Officer of
Telecom Italia.  "Only by adopting a holistic approach such as Fortify's
Business Software Assurance and building security into our core processes, can
I really mitigate this risk and protect our company."
    "The security tools out there today, be they firewalls or Pen testing,
provide an incomplete solution. We continue to watch hackers find and exploit
vulnerabilities at some of the world's biggest corporations and most
highly-trafficked websites," said John Jack, CEO of Fortify Software.  "We've
had customers who regularly failed compliance audits because these solutions
just weren't cutting it alone.  Today's data predators are sophisticated and
organized, and they have found ways to attack you at your weakest point --
your software. You have to protect your core."
    Backed by leading venture capital firm Kleiner Perkins Caufield & Byers
for its forward-thinking take on enterprise security, Fortify Software has
quickly penetrated the market and established itself as a thought leader in
the security field.  The company more than doubled its revenue from 2006 to
2007 and made a massive overseas expansion into Europe and Asia.  It has also
grown its U.S. presence by developing a civilian agency-focused government
team.
    Fortify's products are used worldwide by leading companies, including 9 of
the top 10 global banks, and as of 2008, two-thirds of the United States' net
deposits run through Fortified code.  The company recently closed a $7 million
deal with the United States Air Force to deploy the cornerstone of Business
Software Assurance, the Fortify 360 security suite, and it also notes as among
its recent customers the three largest branches of the United States military,
two of Europe's largest telecommunications companies and its largest
e-commerce site, Betfair.
    "The global business environment has changed," says Ted Schlein, a
managing partner at Kleiner Perkins. "Yet, security technologies and the
market mindset have not.  Fortify understands this and its vision of Business
Software Assurance is redefining the security market to address tomorrow's
threats today. Soon no business application will be built or purchased without
going through a process that ensures it can protect itself from the inside
out."
    About Fortify Software, Inc.
    Fortify(R) Software products protect companies from the threats posed by
security flaws in business-critical software applications. Its software
security suite -- Fortify 360 -- drives down costs and security risks by
implementing threat intelligence, automating key processes of developing and
deploying secure applications. Fortify Software's customers include government
agencies and FORTUNE 500 companies in a wide variety of industries, such as
financial services, healthcare, e-commerce, telecommunications, publishing,
insurance, systems integration and information management. The company is
backed by world-class teams of software security experts and partners. More
information is available at http://www.fortify.com.
SOURCE  Fortify Software, Inc.

Katherine Nellums of Merritt Group, +1-415-247-1663, Nellums@merrittgrp.com,
for Fortify Software, Inc.