Fortify is a company with several products. Which product are you referring to? I've used some of their products (and think highly of them), but I have not used all of them. What I like most about their approach is they are trying to address all parts of the life cycle. The IDE plug-in enforces secure development at the point that code is written/changed. The scanner/workbench supports the build and audit processes. Other components work at runtime. Are they perfect? Honestly, I've not seen anything that is ever perfect. Are they good and getting better? I believe so.

jt

-----Original Message-----
From: "McGovern, James F (HTSC, IT)" <[EMAIL PROTECTED]>
To: <sc-l@securecoding.org>
Date: Mon, 5 Jun 2006 16:50:17 -0400
Subject: [SC-L] Comparing Scanning Tools

> The industry analyst take on tools tends to be slightly different than
> software practitioners at times. Curious if anyone has looked at
> Fortify and has formed any positive / negative / neutral opinions on
> this tool and others...
>
> _______________________________________________
> Secure Coding mailing list (SC-L)
> SC-L@securecoding.org
> List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
> List charter available at - http://www.securecoding.org/list/charter.php