Fortify on Demand Reviews, Competitors and Pricing

Ives Laaf

Head of Compliance & Quality / CISO at a tech services company with 51-200 employees

Jun 11, 2019

Download

Has improved our security through static code analysis

Pros and Cons

"The static code analyzers are the most valuable features of this solution."

"The reporting capabilities need improvement, as there are some features that we would like to have but are not available at the moment."

What is our primary use case?

Our primary use case for this solution is static code analysis.

How has it helped my organization?

This solution has helped us to improve our security processes.

What is most valuable?

The static code analyzers are the most valuable features of this solution.

What needs improvement?

The reporting capabilities need improvement, as there are some features that we would like to have but are not available at the moment. It needs a better configuration and more options for reports.

Buyer's Guide

Fortify on Demand

November 2024

Free Report: Fortify on Demand Reviews and More

Learn what your peers think about Fortify on Demand. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.

DOWNLOAD NOW

816,406 professionals have used our research since 2012.

For how long have I used the solution?

Four months.

What do I think about the stability of the solution?

The solution is working, so I would say that its stability is fine.

What do I think about the scalability of the solution?

We have approximately twenty users who perform code scanning. They are developers and security experts. We do plan to increase our usage of this solution in the future.

How are customer service and support?

Technical support for this solution is fine.

How was the initial setup?

The initial setup of this solution is straightforward.

It took approximately two hours to deploy, and because it is a cloud-based solution it does not require anybody for maintenance.

What about the implementation team?

We handled the implementation in-house.

What was our ROI?

All I can say is that it is reducing security issues.

Which other solutions did I evaluate?

We evaluated Veracode before choosing this solution.

What other advice do I have?

This solution works, so I suggest using it.

I would rate this solution an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.

it_user362055

Senior Manager at a tech services company with 10,001+ employees

Dec 31, 2015

Download

It addresses the source code scanning and dynamic scanning in a known, correlated way.

Valuable Features

It's one of the leaders in the application security space. I've used Fortify since 2007, and I think the most valuable feature is its ability to address the source code scanning and dynamic scanning in a known, correlated way. I think the best way to address application security is to have multiple types of scanning and a unified view for the customer.

Improvements to My Organization

It's forced the incorporation of security in the development process. That's really the biggest benefit for us.

Room for Improvement

It could use better integration with the incident management processor. This would allow us to understand the vulnerabilities that arise in the software and how they're linked to the incident management center.

Deployment Issues

The deployment has not had issues.

Stability Issues

It is a quite stable solution.

Scalability Issues

It's quite scalable and addresses a huge volume.

Customer Service and Technical Support

It's good, but could be better to align with other main vendors, such as IBM.

Initial Setup

It's not straightforward, but it's not complex either. It could also be improved.

Other Advice

My advice would be to look not only at the software, but also at the processor and the people who will be using the software. You should buy not just the software, but also the services to train people to use it.

Disclosure: I am a real user, and this review is based on my own experience and opinions.