HP today announced HP Fortify Static Code Analyzer (SCA) 4.0, delivering a new approach that enables organizations to assess the security of software up to 10 times faster than previous versions of the solution through more accurate and parallelized static application security testing.(1)

The explosive growth in new cloud and mobile technologies has significantly increased the demand for new software development. This in turn has put a strain on many organizations’ ability to do thorough security testing prior to application deployment. As a result, secure development practices have declined, decreasing the effectiveness of software vulnerability discovery. From 2011 to 2012, the total vulnerabilities disclosed increased by 19 percent,(2) and in a 2012 application survey, 99 percent of the applications tested had one or more serious security vulnerabilities.(3) Further, in the last five years, mobile application vulnerability disclosures have increased almost 800 percent.(2)

“Software security vulnerabilities are becoming more prevalent as the demand to support new technology needs escalates,” said Mike Armistead, vice president and general manager, Enterprise Security Products, Fortify, HP. “A holistic approach to software security is imperative, and with the HP Fortify portfolio, organizations have the ability to assess vulnerabilities across all of their software, assure security flaws are resolved before deployment, and protect applications from attacks once in production.”

Building on HP Fortify’s flagship offering, HP Fortify SCA 4.0 delivers a new approach to improving overall scan performance with heightened precision to support faster vulnerability detection and resolution. This approach analyzes multiple software application threads in parallel to enable:

- Ten times faster scans and reduced false positives by 20 percent over previous versions of the product, enabling organizations to evaluate more software at a quicker pace and with improved results.(1)
- Improved software security intelligence reports that equip IT departments with risk-ranked lists of issues for mobile, web, client and server applications, ensuring the timely resolution of high-priority vulnerabilities.
- Reduced application development time through more frequent security testing by enabling full application scanning without impacting the development process.
- Flexible deployment options to fit any organization’s business needs through either on-premises or on-demand access. HP Fortify SCA 4.0 is already powering faster, more accurate static application security assessments in the HP Fortify on Demand cloud-based application security-as-a-service solution.

HP was recognized as an IT leader in the Application Security Testing (AST) market by Gartner in the 2013 Gartner Magic Quadrant for Application Security Testing report.(4) By bringing together SPI Dynamics and Fortify Software, HP was instrumental in the creation of a combined category that includes both static and dynamic application security testing.

Availability

HP Fortify SCA 4.0 will be available worldwide beginning September 2013.

HP’s premier EMEA client event, HP Discover, takes place Dec. 10-12 in Barcelona, Spain.

HP’s annual enterprise security event, HP Protect, will take place Sept. 16-19 in Washington, D.C.

(1) Internal HP performance
testing.
(2) HP 2012 Cyber Risk Report,
2012.
(3) Cenzic, “Application
Vulnerability Trends Report,” 2013.
(4) Gartner, Inc., “Magic Quadrant
for Application Security Testing,” Neil MacDonald and Joseph Feiman, July 2,
2013. Gartner does not endorse any vendor, product or service depicted in its
research publications, and does not advise technology users to select only
those vendors with the highest ratings. Gartner research publications consist
of the opinions of Gartner’s research organization and should not be construed
as statements of fact. Gartner disclaims all warranties, expressed or implied,
with respect to this research, including any warranties of merchantability or
fitness for a particular purpose.
This news
release contains forward-looking statements that involve risks, uncertainties
and assumptions. If such risks or uncertainties materialize or such assumptions
prove incorrect, the results of HP and its consolidated subsidiaries could
differ materially from those expressed or implied by such forward-looking
statements and assumptions. All statements other than statements of historical
fact are statements that could be deemed forward-looking statements,
including but not limited to statements of the plans, strategies and
objectives of management for future operations; any statements concerning
expected development, performance, market share or competitive performance
relating to products and services; any statements regarding anticipated
operational and financial results; any statements of expectation or belief; and
any statements of assumptions underlying any of the foregoing. Risks,
uncertainties and assumptions include the need to address the many challenges
facing HP’s businesses; the competitive pressures faced by HP’s businesses;
risks associated with executing HP’s strategy; the impact of macroeconomic and
geopolitical trends and events; the need to manage third party suppliers and
the distribution of HP’s products and services effectively; the protection of
HP’s intellectual property assets, including intellectual property licensed
from third parties; risks associated with HP’s international operations; the
development and transition of new products and services and the enhancement of
existing products and services to meet customer needs and respond to emerging
technological trends; the execution and performance of contracts by HP and its
suppliers, customers and partners; the hiring and retention of key employees;
integration and other risks associated with business combination and investment
transactions; the execution, timing and results of restructuring plans,
including estimates and assumptions related to the cost and the anticipated
benefits of implementing those plans; the resolution of pending investigations,
claims and disputes; and other risks that are described in HP’s Quarterly
Report on Form 10-Q for the fiscal quarter ended April 30, 2013 and HP’s other
filings with the Securities and Exchange Commission, including HP’s Annual
Report on Form 10-K for the fiscal year ended October 31, 2012. HP assumes no
obligation and does not intend to update these forward-looking statements.