Company type | Software Vendor |
---|---|
Industry | Computer software |
Genre | Software Security Assurance |
Founded | 2003 |
Founder | Ted Schlein of Kleiner, Perkins, Caufield & Byers, Mike Armistead, Brian Chess, Arthur Do, Roger Thornton |
Headquarters | , United States |
Key people | John M. Jack (former CEO), Jacob West (head of Security Research Group), Brian Chess (former Chief Scientist), Arthur Do (former Chief Architect) |
Owner | OpenText |
Website | OpenText OpenText Cybersecurity Cloud |

Fortify Software, later known as Fortify Inc., is a California-based software security vendor, founded in 2003 and acquired by Hewlett-Packard in 2010,[1][2][3] Micro Focus in 2017, and OpenText in 2023.
Fortify offerings included static application security testing (SAST)[4] and dynamic application security testing[5] products, as well as products and services that support Software Security Assurance. In 2011, Fortify introduced Fortify OnDemand, a static and dynamic application testing service.[6]
Fortify Software was founded by Kleiner Perkins in 2003. Fortify Inc. was acquired by HP in 2010. [7]
On September 7, 2016, HPE CEO Meg Whitman announced that the software assets of Hewlett Packard Enterprise, including Fortify, would be merged with Micro Focus to create an independent company of which HP Enterprise shareholders would retain majority ownership.
Micro Focus CEO Kevin Loosemore called the transaction "entirely consistent with our established acquisition strategy and our focus on efficient management of mature infrastructure products" and indicated that Micro Focus intended to "bring the core earnings margin for the mature assets in the deal - about 80 percent of the total - from 21 percent today to Micro Focus's existing 46 percent level within three years."[8] The merger concluded on September 1, 2017.
OpenText acquired Micro Focus (including Fortify Software products) in 2023.
Fortify's technical advisory board was composed of Avi Rubin, Bill Joy, David Wagner, Fred Schneider, Gary McGraw, Greg Morrisett, Li Gong, Marcus Ranum, Matt Bishop, William Pugh, and John Viega.
Fortify created a security research group that maintained the Java Open Review project [9] and the Vulncat taxonomy of security vulnerabilities in addition to the security rules for Fortify's analysis software. [10] Members of the group wrote the book Secure Coding with Static Analysis, and published research, including JavaScript Hijacking, [11] Attacking the build: Cross build Injection, [12] Watch what you write: Preventing Cross-site scripting by observing program output, [13] and Dynamic taint propagation: Finding vulnerabilities without attacking. [14]
HP Autonomy, previously Autonomy Corporation PLC, was an enterprise software company which was merged with Micro Focus in 2017 and OpenText in 2023. It was founded in Cambridge, United Kingdom in 1996.
Mercury Interactive Corporation was an Israeli company acquired by the HP Software Division. Mercury offered software for application management, application delivery, change and configuration management, service-oriented architecture, change request, quality assurance, and IT governance.
LoadRunner is a software testing tool from OpenText. It is used to test applications, measuring system behavior and performance under load.
Micro Focus Content Manager is an electronic document and records management system (EDRMS) marketed by Micro Focus.
Software assurance (SwA) is a critical process in software development that ensures the reliability, safety, and security of software products. It involves a variety of activities, including requirements analysis, design reviews, code inspections, testing, and formal verification. One crucial component of software assurance is secure coding practices, which follow industry-accepted standards and best practices, such as those outlined by the Software Engineering Institute (SEI) in their CERT Secure Coding Standards (SCS).
Dynamic program analysis is the act of analyzing software that involves executing a program – as opposed to static program analysis, which does not execute it.
OpenText™ UFT One, an AI-powered functional testing tool, accelerates test automation across desktop, web, mobile, mainframe, composite, and packaged enterprise-grade applications.
HP Application Security Center (ASC) was a set of technology solutions by HP Software Division. Much of the portfolio for this solution suite came from HP's acquisition of SPI Dynamics. The software solutions enabled developers, quality assurance (QA) teams and security experts to conduct web application security testing and remediation. The security products have been repackaged as enterprise security products from the HP Enterprise Security Products business in the HP Software Division.
OpenText Quality Center, formerly known as Micro Focus Quality Center and HP Quality Center, is quality management software offered by OpenText, which acquired Micro Focus in 2023. Micro Focus acquired the software division of Hewlett Packard Enterprise in 2017, with many capabilities acquired from Mercury Interactive Corporation. Quality Center offers software quality assurance, including requirements management, test management and business process testing for IT and application environments. Quality Center is a component of the Micro Focus Application Lifecycle Management software set.
ArcSight, Inc. was an American software company that provided security management and compliance software packages for enterprises and government agencies. The company was acquired by Hewlett-Packard (HP) in 2010. When HP split into two companies, HP Inc. and Hewlett Packard Enterprise, HP's ArcSight subsidiary was transferred to the latter company. HPE later sold the ArcSight subsidiary to Micro Focus. OpenText acquired Micro Focus in 2023.
The Hewlett-Packard Company, commonly shortened to Hewlett-Packard or HP, was an American multinational information technology company headquartered in Palo Alto, California. HP developed and provided a wide variety of hardware components, as well as software and related services to consumers, small and medium-sized businesses (SMBs), and fairly large companies, including customers in government, health, and education sectors. The company was founded in a one-car garage in Palo Alto by Bill Hewlett and David Packard in 1939, and initially produced a line of electronic test and measurement equipment. The HP Garage at 367 Addison Avenue is now designated an official California Historical Landmark, and is marked with a plaque calling it the "Birthplace of 'Silicon Valley'".
HP IT Management Software is a family of Enterprise software products by OpenText as a result of the spin-merge of Hewlett Packard Enterprise's software assets with Micro Focus in 2017 and acquisition of Micro Focus by OpenText in 2023. The division was formerly owned by Hewlett Packard Enterprise, following the separation of Hewlett-Packard into HP Inc. and Hewlett Packard Enterprise in 2015. IT management software is a family of technology that helps companies manage their IT infrastructures, the people and the processes required to reap the greatest amount of responsiveness and effectiveness from today's multi-layered and highly complex data centers. Beginning in September 2005, HP purchased several software companies as part of a publicized, deliberate strategy to augment its catalog of IT management software offerings for large business customers. According to ZDNet and IDC, HP is the world's sixth largest software company.
Data Protector software is automated backup and recovery software for single-server to large hybrid enterprise environments, supporting disk storage, tape and cloud storage targets. It provides cross-platform, online backup of data for Microsoft Windows, Unix, and Linux operating systems. The last version to use the OmniBack name was version 4.1, which was retired in 2004.
OpenText ALM (Application Lifecycle Management) is a comprehensive solution designed to support and enhance the entire lifecycle of application development and management. It provides robust tools for planning, development, testing, deployment, and maintenance, ensuring that software projects are delivered efficiently and effectively.
Cigital was a software security managed services firm based in Dulles, VA. The services they offered included application security testing, penetration testing, and architecture analysis. Cigital also provided instructor-led security training and products such as SecureAssist, a static analysis tool that acts as an application security spellchecker for developers.
The Micro Focus Enterprise Security Products business is part of the software business of Micro Focus. HP Enterprise Security Products was built from the acquired companies Fortify Software, ArcSight, TippingPoint and Atalla, which HP bought in 2010 and 2011. HPE has since sold TippingPoint and has announced the intention to divest the entire HP Enterprise Software business unit by spinning it out and merging it with Micro Focus. The merger concluded on September 1, 2017.
Utimaco Atalla, founded as Atalla Technovation and formerly known as Atalla Corporation or HP Atalla, is a security vendor, active in the market segments of data security and cryptography. Atalla provides government-grade end-to-end products in network security, and hardware security modules (HSMs) used in automated teller machines (ATMs) and Internet security. The company was founded by Egyptian engineer Mohamed M. Atalla in 1972. Atalla HSMs are the payment card industry's de facto standard, protecting 250 million card transactions daily as of 2013, and securing the majority of the world's ATM transactions as of 2014.
RIPS is static code analysis software designed for automated detection of security vulnerabilities in PHP and Java applications. The initial tool was written by Johannes Dahse and released during the Month of PHP Security in May 2010 as open-source software. The open-source version is released under the GNU Lesser General Public License and was maintained until 2013.
Static application security testing (SAST) is used to secure software by reviewing the source code of the software to identify sources of vulnerabilities. Although the process of statically analyzing source code has existed as long as computers have existed, the technique spread to security in the late 1990s, with the first public discussion of SQL injection in 1998, when Web applications integrated new technologies like JavaScript and Flash.