Software code must change to beat hackers
Fortify announces a new strategy which focuses on poorly-designed software rather than firewall protection.

Security firm Fortify has announced a new strategy which it claims will provide businesses with a blueprint for minimising risks resulting from vulnerabilities in software and business assets.
The Business Software Assurance (BSA) strategy is based on the premise that security must come from within businesses. It says that corporate mindsets must change so that businesses can reduce risk and cope with compliance procedures.
"Businesses today are built and operated by software that houses intellectual property, business processes and trade secrets that are vital to the health of an enterprise," said Roger Thornton, Fortify chief technology officer and founder.
"Unfortunately most of this software is developed to be open and functional, or was developed pre-internet and therefore not secure. This creates a significant vulnerability at the company's core," said Thornton.
Fortify said that companies traditionally relied on 'perimeter-based' approaches like network security to prevent criminals from accessing business information.
However, the open nature of today's business processes weakened perimeter security protection like firewalls and left applications vulnerable and open to hackers.
Current application security tools such as penetration testing provided some protection, but addressed only the indicators of insecure software rather than the insecure code itself.
"The biggest single step for businesses to reduce risk today is to force major improvements in poorly designed and insecure software and applications," said Gartner senior analyst John Pescatore.
"By focusing on strengthening applications at the basic code level, business can greatly increase the protection of critical customer and business data while actually reducing how much they have to spend on shielding and patching vulnerable production applications."
The BSA strategy was announced alongside the worldwide release of a product which focused on software vulnerabilities and application security for businesses.
Fortify 360 is a suite of integrated solutions which the company claims will identify, prioritise and fix security vulnerabilities as well as manage the business of application security.
"It's not just about the technology, but also about bridging the gap between those in the enterprise responsible for development and security," said Thornton.
"Security is a low priority in software development compared to functionality, quality and performance, and most business managers are often unaware of the inherent business and security risks of deploying dangerously exposed software," he added.