Fortify Source Code Analysis

Kenny_Herold at cargill.com
Wed May 18 15:51:17 EDT 2011


Hello,

Just wondering if your development team had ever entertained the thought of submitting your source code for a static code analysis by Fortify.  It is free of charge and can be a source validation for any disputes on potential vulnerabilities, as well as a means of ensuring that your code is secure in other ways than a code walk-through or peer review.

Fortify has something called "Fortify Open Review Project" where there are a number of open source solutions that are scanned and results made available.

https://opensource.fortify.com/teamserver/welcome.fhtml

The site has more information on it to explain the pros, and I'm sure you can figure out the cons for doing it.

Our organization had a request to introduce your application into our environment, which, in part, was rejected because of the inability to scan the source code because there were snippets of some languages that we did not license for with Fortify.

Ultimately this would benefit us in any future requests or viability of use of your product, but you may see benefit in doing it as well.

Thank you,

Kenny Herold
Technology Governance, Risk and Controls
Cargill
kenny_herold at cargill.com

Confidentiality Note: This message is intended only for the named recipient and may contain confidential, proprietary or legally privileged information. Unauthorized individuals or entities are not permitted access to this information. Any dissemination, distribution, or copying of this information is strictly prohibited. If you have received this message in error, please advise the sender by reply e-mail, and delete this message and any attachments. Thank you.
