Fortify on Demand

Today we are officially launching Fortify on Demand. You can upload your compiled code, and we'll generate a vulnerability analysis report. Give us the source code too, and we'll include information about the offending lines of code. Give us a URL where the code is running, and we'll create an integrated static/dynamic analysis report, with the dynamic results courtesy of our friends at WhiteHat Security. (Press release here.)

I got started on static analysis in order to help programmers write better code, but I've learned there's a lot to be said for simply creating a code assessment. Non-programmers deserve answer questions like "Did I get what I paid for?" But non-programmers aren't usually in a position to make static analysis fly. And even if they are, the norm is a static analysis report that says things one way and a dynamic analysis report that says them another. Our early adopters (thanks guys!) are big on the ease-of-use factor. Multiple assessment techniques coming together in one report without any fussing around with code. What could be better?

If you want a closer look at what we've built, sign up for the webinar Jacob West and Jeremiah Grossman are giving on Jan 14. Register here.