Fortify on Demand Reviews

Both editions of the product have their advantages, and they complement each other.

Since we adopted HP Fortify, our organization has added more divisions that focus on penetration testing.

HP Fortify already covers the need for security testing and is easy to use for new users. The only thing that comes to mind regarding room for improvement are the security vulnerability updates.

My company has been using this solution for about one year.

I have not encountered any deployment, stability or scalability issues. I haven't had any complaints about technical issues from our client, either.

I have not yet contacted customer service or technical support.

I do know of some software that have similarities, but I’ve never used any of them before.

Most of our clients use straightforward implementation; we recommend straightforward implementation because of the simplicity of the architecture and usage. For example, installing using the best practices for each product.

We implemented it for our customer.

HP Fortify is perfect for any company that creates their own applications or uses vendor-developed ones; it’s great for QA and development phases.

HP Fortify is easy to use and offers lots of integration options; those options allow us to have more diverse implementations that fit the requirements.

We are using Micro Focus Fortify on Demand because in the beginning we were using the on-premise version and it was very limited. We thought we could do everything wanted with the on-premise solution. However, it was not easy to use. 

We are testing the Micro Focus Fortify on Demand solution to improve security.

We are using the on-premise version of this solution for the static code for developers. For the dynamic code, we're using Micro Focus Fortify on Demand.

There is not only one specific feature that we find valuable. The idea is to integrate the solution in DevSecOps which we were able to do. We were working with a different solution called SolarCloud previously and it was limited. We are trying to find the right level of security for our needs.

I have been using Micro Focus Fortify on Demand for approximately eight months.

The support is good. Their support is in the Netherlands, sometimes it takes some time for the time zone difference between Latin America and the Netherlands but overall the support is good.

The implementation of Micro Focus Fortify on Demand was simple, since it is on the cloud everything is automatic. They give you an account and that is all, you use the product.

The premise solution is more rentable. However, it is asking for a lot of effort in the implementation, administration, and integration in the pipeline. It takes time until the company comes to the right level to be able to manage this product. Even with the right partners in Latin America that work with us, it took some time.

We had partners in Latin America that help us integrate the implementation of the Micro Focus Fortify on Demand.

The solution is expensive and the price could be reduced.

My advice to others is if you choose Micro Focus Fortify on Demand, it's very simple to use. If they choose the on-premise version for the static code, they will need a person to manage it to be sure that it's integrated with all the pipelines that they developed. 

I rate Micro Focus Fortify on Demand a seven out of ten.

It's one of the leaders in the application security space. I've used Fortify since 2007, and I think the most valuable feature is its ability to address the source code scanning and dynamic scanning in a known, correlated way. I think the best way to address application security is to have multiple types of scanning and a unified view for the customer.

It's forced the incorporation of security in the development process. That's really the biggest benefit for us.

It could use better integration with the incident management processor. This would allow us to understand the vulnerabilities that arise in the software and how they're linked to the incident management center.

The deployment has not had issues.

It is a quite stable solution.

It's quite scalable and addresses a huge volume.

It's good, but could be better to align with other main vendors, such as IBM.

It's not straightforward, but it's not complex either. It could also be improved.

I'm very familiar with IBM and Barracuda and others. I always know HP's competition, but I feel most comfortable with HP.

My advice would be to look not only at the software, but also at the processor and the people who will be using the software. You should buy not just the software, but also the services to train people to use it.