PROACTIVE RISK

GRAY BEARD BLOG

SHARING RANDOM THOUGHTS ON TECH

Finding needles in a haystack

2/2/2023

I recently did an interview on the Reimagining Cyber Podcast about advancements in the software security industry. I then took some time to think about the Fortify product that I have worked with for so many years. The pros and the cons: what are your thoughts?

OpenText - Fortify

Pros of using static source code analysis tools like Fortify for software code quality:
  1. Identifying security vulnerabilities: Fortify's static analysis (SAST) flags weakness classes such as buffer overflows, cross-site scripting (XSS) and SQL injection by tracing data from untrusted inputs (sources) to dangerous calls (sinks) in the source code. Finding these before the code ships is far cheaper than finding them in production, and it protects the sensitive data behind the application.
  2. Improving code quality: the same analysis surfaces quality defects such as unreleased resources, null dereferences and poor error handling, so developers get maintainability feedback alongside the security findings. Fewer latent bugs means less time spent on rework later.
  3. Automation: the checks run the same way every time, which removes the inconsistency and fatigue of manual review for the mechanical cases and leaves human reviewers free for design and logic problems.
  4. Integration with development tools: Fortify plugs into integrated development environments (IDEs) and continuous integration (CI) pipelines, so findings appear where developers already work and every commit or merge is scanned for regressions.
Cons of using static source code analysis tools like Fortify:
  1. False positives: the analyzer often cannot prove that a data flow is unreachable or that a custom sanitizer is effective, so it reports issues that are not exploitable. Triage costs time, and a backlog of untriaged noise teaches developers to ignore the results altogether.
  2. False negatives: the tool finds only what its rules describe. A source, sink or framework it has no rule for is invisible to it, and logic flaws such as missing authorization checks are largely out of scope. A clean scan is not evidence that the application is secure.
  3. Resource requirements: a full scan of a large codebase takes hours and a lot of memory, so it cannot run on every keystroke. Schedule full scans nightly or at merge time and keep the fast feedback in the IDE.
  4. Cost: Fortify is licensed at enterprise prices, which puts it out of reach for many smaller organizations or projects with limited budgets.
Overall, static source code analysis tools like Fortify are valuable for improving software code quality and catching whole classes of vulnerabilities early. But understand the limitations: tune the rules to your codebase, triage the findings, and treat the tool as one layer in a comprehensive software development process that still includes manual code review and other security measures.
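To make the false positive and false negative points concrete, here is a toy source-to-sink taint analysis over Python source. This is an added example written for this post, not Fortify's engine or its rulepacks; the sources, sinks, sanitizers and the sample code it scans are all constructed for illustration. Run with the default rules it reports a real SQL injection, a false positive (a custom escaping function the rules do not know about) and misses a shell injection whose sink is not in the rules; adding the missing rules fixes both.

```python
"""Toy source-to-sink taint analysis over Python source code.

Added example, not Fortify's engine: it shows in miniature how a SAST tool
decides that untrusted input reaches a dangerous call, and why it reports
false positives (a sanitizer the rules do not know) and false negatives
(a sink the rules do not know). All rule names below are assumptions.
"""
import ast

# Assumed rulepack. Real tools ship thousands of these.
SOURCES = {"input", "request.args.get"}          # where untrusted data enters
SINKS = {"cursor.execute": 0, "os.system": 0}    # dangerous call -> index of the risky argument
SANITIZERS = {"int", "shlex.quote"}              # calls whose result is treated as clean


def _dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, or None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def _is_tainted(expr, tainted, sanitizers):
    """Does this expression carry data derived from a source?"""
    if isinstance(expr, ast.Name):
        return expr.id in tainted
    if isinstance(expr, ast.BinOp):                       # "..." + uid
        return (_is_tainted(expr.left, tainted, sanitizers)
                or _is_tainted(expr.right, tainted, sanitizers))
    if isinstance(expr, ast.JoinedStr):                   # f"... {uid}"
        return any(_is_tainted(v.value, tainted, sanitizers)
                   for v in expr.values if isinstance(v, ast.FormattedValue))
    if isinstance(expr, ast.Call):
        name = _dotted(expr.func)
        if name in SOURCES:
            return True
        if name in sanitizers:
            return False
        # Unknown function: assume taint passes straight through its arguments.
        # This conservative choice is where the false positives come from.
        return any(_is_tainted(a, tainted, sanitizers) for a in expr.args)
    return False


def _own_calls(stmt):
    """Call nodes belonging to a statement itself, not to blocks nested under it."""
    if isinstance(stmt, (ast.If, ast.While)):
        roots = [stmt.test]
    elif isinstance(stmt, ast.For):
        roots = [stmt.iter]
    elif hasattr(stmt, "body"):       # def / with / try headers: ignored in this toy
        roots = []
    else:
        roots = [stmt]
    for root in roots:
        yield from (n for n in ast.walk(root) if isinstance(n, ast.Call))


def _scan_block(stmts, tainted, sinks, sanitizers, findings):
    for stmt in stmts:
        # 1. a sink whose risky argument is tainted is a finding
        for call in _own_calls(stmt):
            name = _dotted(call.func)
            if name in sinks:
                idx = sinks[name]
                if idx < len(call.args) and _is_tainted(call.args[idx], tainted, sanitizers):
                    findings.append((call.lineno, name))
        # 2. simple assignments propagate (or clear) taint on the target name
        if isinstance(stmt, ast.Assign):
            tainted_value = _is_tainted(stmt.value, tainted, sanitizers)
            for target in stmt.targets:
                if isinstance(target, ast.Name):
                    if tainted_value:
                        tainted.add(target.id)
                    else:
                        tainted.discard(target.id)
        # 3. descend into nested blocks in source order
        for field in ("body", "orelse", "finalbody"):
            inner = getattr(stmt, field, None)
            if isinstance(inner, list):
                _scan_block(inner, tainted, sinks, sanitizers, findings)


def scan(source, sinks=SINKS, sanitizers=SANITIZERS):
    """Return [(line, sink_name)] for every sink call reachable from a source."""
    findings = []
    _scan_block(ast.parse(source).body, set(), sinks, sanitizers, findings)
    return findings


# Constructed sample, one case per line: real bug, safe call, unmodelled sanitizer, unmodelled sink.
SAMPLE = "\n".join([
    'uid = request.args.get("id")',
    'cursor.execute("SELECT * FROM users WHERE id = " + uid)',        # line 2: real SQL injection
    'cursor.execute("SELECT * FROM users WHERE id = %s", (uid,))',    # line 3: parameterised, safe
    'cleaned = my_custom_escape(uid)',
    'cursor.execute("SELECT name FROM users WHERE id = \'" + cleaned + "\'")',  # line 5: false positive
    'subprocess.call("ping " + uid, shell=True)',                     # line 6: false negative
])

# Tuning the rulepack to the codebase removes both classes of error.
TUNED_SINKS = {**SINKS, "subprocess.call": 0}
TUNED_SANITIZERS = SANITIZERS | {"my_custom_escape"}

if __name__ == "__main__":
    print("default rules:", scan(SAMPLE))
    print("tuned rules:  ", scan(SAMPLE, TUNED_SINKS, TUNED_SANITIZERS))
```

The lesson carries over to the real tool: a scan is only as good as its rules, so the first weeks with Fortify are usually spent teaching it which of your own helpers are sanitizers and which of your frameworks' entry points are sources, and that tuning is what turns a noisy report into one developers will act on.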

    Tom Brennan

    This is my blog, there are many like it but this one is mine. Enjoy.


Contact Info

Proactive Risk Inc.
Tel: +1 (973) 298-1160
Web: www.proactiverisk.com
eMail: sales(at)proactiverisk.com

© COPYRIGHT 2023. ALL RIGHTS RESERVED.