
Fortify Software Helps Customers Achieve PCI Compliance

06/25/2008

Fortify Software Inc., the market leader in enterprise application security solutions for business software assurance, is making Payment Card Industry Data Security Standard (PCI DSS) 6.6 compliance easier for its customers with the addition of a project template that gives developers, auditors and managers a PCI-centric view into the security of their software systems.


ebizQ received the following:

Beginning June 30, customers using Fortify's cornerstone software security solution, Fortify 360, will be able to immediately identify and remediate code level vulnerabilities that violate PCI DSS standards.



"Enterprises can reduce the costs of protecting customer and business data if they have processes in place that assure applications are as secure as possible," said John Pescatore, VP Distinguished Analyst at Gartner. "By focusing on strengthening applications at the basic code level, businesses can greatly reduce the chances of major security incidents while also demonstrating compliance to requirements such as PCI."

Currently, Fortify 360 integrates the results from three analyzers into a central repository where they are separated into folders that correspond to their priority. Fortify 360 offers users the ability to test applications using both static and dynamic analysis capabilities, as well as deploy real-time protection in the form of a software-based application firewall. Fortify is the only company to offer all three solutions. Used together, the analyzers correlate results, eliminate false positives, verify the exploitability of specific issues and prioritize related findings.

"We find that Fortify products greatly accelerate security analysis," said Rick Dakin, QSA and Cofounder of Coalfire, a leader in IT security, governance and regulatory compliance services. "We are very pleased with our decision to integrate Fortify products into our source code review and applications security audit processes."

On June 30, when section 6.6 of the PCI DSS becomes mandatory, all merchants will be required to implement source code analysis solutions or install a web application firewall. This is in response to the increase in attacks directed against applications. Coalfire, which has completed over 1,500 audits or assessments nationwide, has also seen this trend. "Our forensic analysis teams have identified application vulnerabilities as one of the leading causes for a data breach," said Dakin.

In response to the major milestone of section 6.6, Fortify's Security Research Group, working closely with Fortify customers, has created an environment for Fortify 360 that both draws attention to critical security flaws and specifically highlights issues that violate the PCI DSS. This new capability for Fortify products will be available to customers beginning June 30 via download from the Fortify Customer Portal.

"Fortify has a track record of helping several major companies quickly and easily pass PCI audits," commented Barmak Meftah, Senior Vice President of Products and Services at Fortify. "Our goal is to not only make PCI compliance an easier, more effective process, but to also provide our customers with the solutions they need to implement a proactive application security program through which they can achieve business software assurance."

Companies face a significant challenge with securing their applications and passing section 6.6 of the PCI DSS. With the right mix of technology and consulting services, they will be able to tackle these challenges effectively.

