Watchfire and Fortify Software Partner to Offer Comprehensive Web Application Security Scanning and Source Code Analysis Solution; Integrated Solution Secures Software Throughout Development Lifecycle

Business Wire, August 14, 2006

PALO ALTO, Calif. & WALTHAM, Mass. -- Fortify Software, the leading provider of source code analysis products and Watchfire, the worldwide market-leading provider of web application vulnerability assessment software and services, today announced a strategic partnership that will integrate the two companies' best-of-breed solutions. The integration of Fortify(R) Source Code Analysis Suite and Watchfire(R) AppScan(R) will bring to market a single solution to easily identify, analyze and remediate security vulnerabilities throughout the software development lifecycle (SDLC). Customers will benefit from a single user interface to view vulnerability data in one dashboard. Correlating source code and web application security scan results will increase the precision of identifying security vulnerabilities, provide critical information that helps users understand the impact vulnerabilities will have on the compiled code, and pinpoint specifically where errors exist -- easing the remediation process. The partnership also includes joint marketing and reselling opportunities.

Fortify Source Code Analysis Suite and Watchfire AppScan check for security vulnerabilities throughout the SDLC from development through deployment. AppScan scans web applications in pre- and post-deployment and analyzes them for security vulnerabilities. Fortify Source Code Analysis Suite finds, tracks and helps fix the exact code where security vulnerabilities lie, allowing developers to deliver secure software quickly and efficiently. When combined, the two market-leading solutions will achieve an even higher level of precision in recognizing security vulnerabilities and identifying the exact cause and location of errors within the source code.

"Scanning both raw source code and compiled web applications for software vulnerabilities is essential to ensuring the security of application systems," said Bruce H. Bonsall, Chief Information Security Officer, MassMutual Financial Group. "Today we use two different tool sets to accomplish those separate but related tasks. Having one interface to monitor the results of both code scanning and web vulnerability testing of our applications will likely save us time and resources. I like the decision by Fortify and Watchfire to align their development and marketing efforts. By virtue of such a partnership, the integration of the tools isn't left to the end users and they don't need to navigate two different interfaces. That helps simplify things and lets users focus on more important issues."

According to Gartner research, "Through 2010, software development organizations that integrate security into their software development life cycles will experience an 80 percent decrease in critical vulnerabilities found in their publicly released software or externally facing web applications."(1)

Fortify and Watchfire's integrated solution will bring to market the following advantages to developers and security experts:

--An integrated dashboard that will provide high-level visibility across the enterprise enabling companies to pinpoint and identify application vulnerabilities throughout their entire organization

--Improved visibility, metrics and compliance reporting

--Correlation between Watchfire AppScan and Fortify's Source Code Analysis results will lead to better accuracy and completeness of the findings

--The ability to identify, analyze and remediate security vulnerabilities throughout the software development lifecycle (SDLC) with one solution

Both the Fortify and Watchfire solutions work with existing development and audit tools, thus increasing the efficiency and accuracy of the software development, testing and resolution processes.

"Having built the first patent-pending solution that integrates source code analysis and black-box testing, we believe it's critical to combine these two capabilities into one solution and deliver a single dashboard interface and increased precision for software security overall," said John M. Jack, Chief Executive Officer, Fortify Software. "We chose to partner with Watchfire not only because they are the undisputed leader in black-box testing and the solution of choice for many of our customers, but because the partnership could quickly deliver on this vision of a best-of-breed, integrated solution demanded by our customers. Together, we can reach a larger audience of customers with a more comprehensive software security solution."

"In 2006, research from two leading industry analyst firms indicated that Watchfire is the market-share leader in application security testing solutions. By joining forces with Fortify, the market leader in source code analysis, we have created a very powerful partnership with over 900 combined customers," said Peter McKay, Chief Executive Officer, Watchfire. "Our respective customers are interested in combining both web application scanning and code scanning for an exponentially more secure software development lifecycle that not only yields higher quality applications, but is more cost-effective in the long run. Through this partnership, the market will benefit from an unprecedented and integrated solution combining the industry's most proven and widely adopted technologies."