Fortify 360 is the market leading suite of solutions to contain, remove and prevent vulnerabilities in software applications. The latest release, Fortify 360 Version 2.0, now includes governance capabilities allowing enterprises to fully manage their organization-wide Software Security Assurance effort. Fortify Vendor Security Management provides enterprises with Fortify's award-winning analysis technologies through a software-as-a-service offering, enabling companies to inspect the security of applications when source code is not available from commercial software vendors.

"One of the biggest challenges to implementing a Software Security Assurance program today is management," said Roger Thornton, co-founder and CTO of Fortify Software. "Today's environment requires security professionals to work with development, legal and executive teams, making the process of securing applications complex. Automation is the only way to ensure the efficiency of any software initiative-which requires an ability to give full visibility across all software assurance activities.

The addition of a Web-based SSA Governance module in Fortify 360 allows enterprises to:

• Create and manage a detailed application inventory of all enterprise software, and assign risk profiles to all applications, such as those that are Web-facing, outsourced or built in-house
• Automatically generate appropriate security policies tailored to each risk profile and apply them consistently
• Communicate and track processes via a centralized system accessible to developers and security teams

"Securing an enterprise's portfolio of software requires governance across all categories of applications, including in-house, third-party, outsourced, and open source, "said Jim Routh, chief information security officer of the Depository Trust & Clearing Corporation (DTCC). "You need to evaluate each application, developing a risk based inventory y as well as defining and consistently applying security activities for each supply chain component. Fortify's Governance Module will automate this process and provide visibility into the progress and status of software security across the organization's supply chain."

At the same time, businesses today also face the challenge of securing software purchased from commercial vendors. "For most organizations, third-party software represents a majority of their deployed applications, but often they have little visibility into the security of that software aside from constant, disruptive patches," continued Thornton. "Businesses today need to throw off that reactive mode of vendor management and adopt a preventative security approach that analyzes third-party software for vulnerabilities during the procurement or upgrade process and demand that significant problems be addressed prior to acceptance."

"Virtually every organization today is built and operated on software," said Barmak Meftah, Sr. Vice President of Products & Technology at Fortify Software. "Implementing software security assurance is imperative to mitigating the business risk associated with vulnerable applications, whether built in-house, outsourced, or acquired from commercial vendors. Fortify's solutions help customers deal with the immediate challenge of removing vulnerabilities from their existing applications as well as the systemic challenge of producing and acquiring secure software."

Fortify Vendor Security Management is Fortify's first Software-as-a-Service solution. It enables security teams to assess and verify the security of third-party software while allowing the vendor to stay in control of the process. Software vendors can upload their binaries, have a scan conducted, address any issues, and publish a report summarizing the security of their application back to the security team.

"Enterprises today face intense pressure to implement application security from compliance mandates, customers and, obviously, the increasing threat of cybercriminals and hackers," said Gartner analyst Joseph Feiman, VP and Gartner Fellow. "An effective program of software security governance enables enterprises to meet these challenges and make security part of the corporate DNA."

The SSA Governance module is included in the latest version of Fortify 360 Version 2.0, and is available immediately.

Fortify Vendor Security Management will be available as a beta on April 20.