Fortify to fill gap in developer education

CIOL Bureau
Updated On
New Update

SAN MATEO, USA: Fortify Software, a company in enterprise application security solutions for Business Software Assurance, has announced that it is offering a free copy of Fortify 360, which includes its award-winning source code analysis, program trace analysis, and real-time analysis, to any university for the purposes of education and research. To date, fifty-five universities worldwide -- including Harvard, Stanford, University of California, Davis, Princeton and Purdue University -- have successfully adopted the use of Fortify 360 into course material and research projects.


"Many companies are beginning to put a premium on developers that have been trained in writing secure code," said Brian Chess, Fortify's co-founder and chief scientist. "Universities that teach security are going to put their students ahead of the cure. Fortify is trying to help Universities, by supplying our software, and helping share best practices in terms of lesson plans, course material and sample projects."

Several U.S. and international universities have already integrated the use of Fortify 360 in college curricula and research projects. Purdue University's Center for Education and Research in Information Assurance and Security (CERIAS), currently viewed as one of the world's leading centers for research and education in information security, will incorporate the use of Fortify 360 in numerous classes and laboratories. Both Northern Kentucky University and the Polytechnic Institute of NYU have created secure software engineering classes based on Fortify 360, and many other schools are following suit.

"The use of Fortify SCA in the classroom gives students a better understanding of the crucial and often-overlooked processes for including security considerations in developing software," said Matt Bishop, a professor of computer science at UC Davis. "Never before has the practice of secure software development been so important, which is why software engineers should be required to learn the practice of secure development from the start."


"Too many college level security classes focus on how to identify vulnerabilities instead of teaching students how to avoid them. But hiring managers are looking for programmers to write secure code," says Jennifer Bayuk, former CISO of Bear Stearns. "Fortify helps train future programmers how to protect systems rather than hack into them."

Both professors and students at leading universities are using Fortify 360 in their research. Experts at the University of Wisconsin are spearheading a project funded by the National Science Foundation to research vulnerability assessment techniques focusing on grid middleware software -- a software run on many of the largest clusters or grids in the world. UC Berkeley's David Wagner has recently applied Fortify 360 while researching language security to analyze open-source projects. Fortify 360 has also helped students complete theses on various topics within application security. Additionally, professors in both California and Ohio used Fortify 360 in their recent studies on e-voting machine security.

"I'm pleased to see how Fortify 360 has inspired and supported innovative courses and projects at these universities," Chess adds. "We believe it is imperative that tomorrow's developers have an understanding of security and the role secure development plays in protecting companies from the business risk associated with vulnerable software. This education must begin in the classroom on day one."