Friday, 5 February 2010

Fortify Joins Microsoft's SDL Pro Network


Recently, Microsoft welcomed seven additional companies to join their Microsoft SDL Pro Network. We’re excited to announce that Fortify has joined the SDL Pro Network as a Tools provider.

So, what exactly does this mean to Fortify users? Well, it means that Fortify along with the Fortify 360 product suite can be used to help an organization manage and comply with Microsoft’s prescribed SDL.

Specifically, the seven portions of the MS SDL are addressed by Fortify in the following ways:

The roll-out and deployment of the MS SDL can be managed through the Fortify 360 Governance module. Fortify users simply need to use the Fortify-created MS SDL process template that best models their organization's security maturity level (Fortify provides support for Advanced level down to Basic level maturity), load the process template into Fortify 360, and follow the prescribed requirements and activities.

Training: Fortify Training provides comprehensive secure development practices which address all phases of the Security Development Lifecycle.

Requirements: The Fortify 360 Governance module prescribes the proper MS SDL Requirements steps. The Governance module also stores any artifacts produced from the Requirements phase.

Design: The Governance module also directs users on which MS SDL design activities are required for the organization's security maturity level. The resulting design artifacts are stored in the 360 server for review.

Implementation: Fortify SCA performs static analysis on an organization's code base. Fortify 360 consumes the static analysis results and warns of banned function violations.

Verification: Fortify 360 is capable of consuming and reporting upon dynamic testing results from multiple vendors. The Governance module stores relevant threat model/attack surface analysis.

Release: The Governance module, along with the accompanying MS SDL process template, enforces a proper release strategy.

Response: Once again, the Governance module serves as a repository for response artifacts.

In essence, Fortify 360 provides a comprehensive solution for rolling out the MS SDL throughout an organization.
Posted by flee at 12:51 PM in Fortify

 
