Absent Member.

Fortify vs. Free Tool

Hi,

What are the Fortify advantages against free tools? I want to hear the advantages from the Fortify product team.


Accepted Solutions
Micro Focus Expert

I believe many freeware tools are limited in their scope, supported languages, supported environment (IDE), ability to handle a giant workload, and may be focused on code quality rather than security. The results may or may not be verbose and adequate to explain the finding effectively.

By comparison, SCA has over a decade of focused research on code security testing alone. We have an established history and a bright future, especially in light of a dedicated team of researchers and constant updates (binaries 2x annually, attacks/rulepacks 4x annually). We are not a 1.0 product dropped after grad school started! This level of dedication can be shown with our VulnCat material. SCA currently supports numerous programming languages and can perform in a variety of environments and ways including CLI, multiple IDEs, build-time, parallel processing, and/or distributed workload (CloudScan).

Going further, Fortify recognizes that a tool is only a part of the Success Pyramid (people - processes - technology).  For this reason, we offer substantial support for the customer via SSC (collaboration), professional services (SSA review), education services, and SaaS (Fortify on Demand - FoD).


-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify

Cadet 2nd Class

Seriously?  How about this:  You get what you pay for...

I.e., free == almost worthless, Fortify == awesomeness.

Cadet 2nd Class

Well said.

--

Mark Feferman, CISSP, CSSLP, CISM

Principal @ Vaunted Group

mark@vauntedgroup.com

713-568-8897

https://www.vauntedgroup.com

Expertise in the discipline of Software Security Assurance


While this may be true in the case of Fortify, this is not true in many other cases throughout technology and life in general.

Cadet 2nd Class

Thanks "will c"!  You are absolutely right. 

I WAS specifically speaking about Fortify SCA, as I am also a big user of products from the other end of the spectrum.
