Tag Archives: Fortify

Establishing Effective Static Analysis Capabilities

Planning to establish or reboot a static analysis capability this year? Use this simple framework to plan a new implementation or reflect on an existing program to improve maturity.
Over the years, we’ve learned that there are four primary dimensions to any static analysis capability:

Solution Architecture
Application On-Boarding
Vulnerability Management

It doesn’t matter if you’re considering building an in-house [...]

Teaching Fortify SCA About Confidential Data

In Cigital’s latest newsletter, I explain a few tips for gaining assurance that Fortify SCA is “seeing” code (specifically private or confidential data) the way you think it should be.