HP Helps Enterprises Accelerate Software Security Assessment, Assurance and Protection

HP Fortify Static Code Analyzer 4.0 Speeds Software Security Assessment by 10 Times

PALO ALTO, CA--(Marketwired - Aug 28, 2013) - HP (NYSE: HPQ) today announced HP Fortify Static Code Analyzer (SCA) 4.0, delivering a new approach that enables organizations to assess the security of software up to 10 times faster than previous versions of the solution through more accurate and parallelized static application security testing.(1)

The explosive growth in new cloud and mobile technologies has significantly increased the demand for new software development. This in turn has put a strain on many organizations' ability to do thorough security testing prior to application deployment. As a result, secure development practices have declined, decreasing the effectiveness of software vulnerability discovery. From 2011 to 2012, the total vulnerabilities disclosed increased by 19 percent,(2) and in a 2012 application survey, 99 percent of the applications tested had one or more serious security vulnerabilities.(3) Further, in the last five years, mobile application vulnerability disclosures have increased almost 800 percent.(2)

"Software security vulnerabilities are becoming more prevalent as the demand to support new technology needs escalates," said Mike Armistead, vice president and general manager, Enterprise Security Products, Fortify, HP. "A holistic approach to software security is imperative, and with the HP Fortify portfolio, organizations have the ability to assess vulnerabilities across all of their software, assure security flaws are resolved before deployment, and protect applications from attacks once in production."

Building on HP Fortify's flagship offering, HP Fortify SCA 4.0 delivers a new approach to improving overall scan performance with heightened precision to support faster vulnerability detection and resolution. This approach enables the analysis of multiple software application threads in parallel to enable:

  • Ten times faster scans and reduced false positives by 20 percent over previous versions of the product, enabling organizations to evaluate more software at a quicker pace and with improved results.(1)
  • Improved software security intelligence reports that equip IT departments with risk-ranked lists of issues for mobile, web, client and server applications, ensuring the timely resolution of high-priority vulnerabilities.
  • Reduced application development time through more frequent security testing by enabling full application scanning without impacting development process.
  • Flexible deployment options to fit any organization's business needs through either on-premises or on-demand access. HP Fortify SCA 4.0 is already powering faster, more accurate static application security assessments in the HP Fortify on Demand cloud-based application security-as-a-service solution.

HP was recognized as an IT leader in the Application Security Testing (AST) market by Gartner in the 2013 Gartner Magic Quadrant for Application Security Testing report.(4) By bringing together SPI Dynamic and Fortify Software, HP was instrumental in the creation of a combined category that includes both static and dynamic application security testing.

Additional information about HP Fortify listing as a leader in the 2013 Magic Quadrant for Application Security Testing can be found at www.gartner.com/technology/reprints.do?id=1-1GTXLFB&ct=130703&st=sb.

Availability
HP Fortify SCA 4.0 will be available worldwide beginning September 2013.

HP's premier EMEA client event, HP Discover, takes place Dec. 10-12 in Barcelona, Spain.

HP's annual enterprise security event, HP Protect, will take place Sept. 16-19 in Washington, D.C.

About HP
HP creates new possibilities for technology to have a meaningful impact on people, businesses, governments and society. With the broadest technology portfolio spanning printing, personal systems, software, services and IT infrastructure, HP delivers solutions for customers' most complex challenges in every region of the world. More information about HP is available at http://www.hp.com.

(1) Internal HP performance testing.
(2) HP 2012 Cyber Risk Report, 2012.
(3) Cenzic, "Application Vulnerability Trends Report," 2013.
(4) Gartner, Inc., "Magic Quadrant for Application Security Testing," Neil MacDonald and Joseph Feiman, July 2, 2013. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

This news release contains forward-looking statements that involve risks, uncertainties and assumptions. If such risks or uncertainties materialize or such assumptions prove incorrect, the results of HP and its consolidated subsidiaries could differ materially from those expressed or implied by such forward-looking statements and assumptions. All statements other than statements of historical fact are statements that could be deemed forward-looking statements, including but not limited to statements of the plans, strategies and objectives of management for future operations; any statements concerning expected development, performance, market share or competitive performance relating to products and services; any statements regarding anticipated operational and financial results; any statements of expectation or belief; and any statements of assumptions underlying any of the foregoing. Risks, uncertainties and assumptions include the need to address the many challenges facing HP's businesses; the competitive pressures faced by HP's businesses; risks associated with executing HP's strategy; the impact of macroeconomic and geopolitical trends and events; the need to manage third party suppliers and the distribution of HP's products and services effectively; the protection of HP's intellectual property assets, including intellectual property licensed from third parties; risks associated with HP's international operations; the development and transition of new products and services and the enhancement of existing products and services to meet customer needs and respond to emerging technological trends; the execution and performance of contracts by HP and its suppliers, customers and partners; the hiring and retention of key employees; integration and other risks associated with business combination and investment transactions; the execution, timing and results of restructuring plans, including estimates and assumptions related to the cost and the anticipated benefits of implementing those plans; the resolution of pending investigations, claims and disputes; and other risks that are described in HP's Quarterly Report on Form 10-Q for the fiscal quarter ended April 30, 2013 and HP's other filings with the Securities and Exchange Commission, including HP's Annual Report on Form 10-K for the fiscal year ended October 31, 2012. HP assumes no obligation and does not intend to update these forward-looking statements.

© 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

Related Media Contacts