Fortify Software
American software company
title: "Fortify Software" type: doc version: 1 created: 2026-02-28 author: "Wikipedia contributors" status: active scope: public tags: ["opentext", "2003-establishments-in-california", "database-security", "hewlett-packard-acquisitions", "american-companies-established-in-2003", "software-companies-established-in-2003", "static-program-analysis-tools", "software-companies-based-in-the-san-francisco-bay-area", "companies-based-in-san-mateo,-california", "2010-mergers-and-acquisitions", "2017-mergers-and-acquisitions", "micro-focus-international", "american-subsidiaries-of-foreign-companies", "defunct-software-companies-of-the-united-states"] description: "American software company" topic_path: "geography/united-states" source: "https://en.wikipedia.org/wiki/Fortify_Software" license: "CC BY-SA 4.0" wikipedia_page_id: 0 wikipedia_revision_id: 0
::summary American software company ::
::data[format=table title="Infobox company"]
| Field | Value |
|---|---|
| name | Fortify |
| logo | Fortify logo.jpg |
| type | Software Vendor |
| genre | Software Security Assurance |
| foundation | 2003 |
| founder | Ted Schlein of Kleiner, Perkins, Caufield & Byers, Mike Armistead, Brian Chess, Arthur Do, Roger Thornton |
| location_city | San Mateo, California |
| location_country | United States |
| key_people | John M. Jack (former CEO), Jacob West (head of Security Research Group), Brian Chess (former Chief Scientist), Arthur Do (former Chief Architect) |
| industry | Computer software |
| owner | OpenText |
| homepage | OpenText |
| OpenText Cybersecurity Cloud | |
| :: |
| name = Fortify | logo = Fortify logo.jpg | type = Software Vendor | genre = Software Security Assurance | foundation = 2003 | founder = Ted Schlein of Kleiner, Perkins, Caufield & Byers, Mike Armistead, Brian Chess, Arthur Do, Roger Thornton | location_city = San Mateo, California | location_country = United States | location = | locations = | area_served = | key_people = John M. Jack (former CEO), Jacob West (head of Security Research Group), Brian Chess (former Chief Scientist), Arthur Do (former Chief Architect) | industry = Computer software | services = | revenue = | operating_income = | net_income = | assets = | equity = | owner = OpenText | parent = | divisions = | homepage = OpenText OpenText Cybersecurity Cloud | footnotes = | intl =
Fortify Software, later known as Fortify Inc., is a California-based software security vendor, founded in 2003 and acquired by Hewlett-Packard in 2010, Micro Focus in 2017, and OpenText in 2023.
Fortify offerings included static application security testing and dynamic application security testing products, as well as products and services that support software security assurance. In 2011, Fortify introduced Fortify OnDemand, a static and dynamic application testing service.
History
Fortify Software was founded by Kleiner Perkins in 2003. Fortify Inc. was acquired by HP in 2010.
On September 7, 2016, HPE CEO Meg Whitman announced that the software assets of Hewlett Packard Enterprise, including Fortify, would be merged with Micro Focus to create an independent company of which HP Enterprise shareholders would retain majority ownership.
Micro Focus CEO Kevin Loosemore called the transaction "entirely consistent with our established acquisition strategy and our focus on efficient management of mature infrastructure products" and indicated that Micro Focus intended to "bring the core earnings margin for the mature assets in the deal - about 80 percent of the total - from 21 percent today to Micro Focus's existing 46 percent level within three years."
OpenText acquired Micro Focus (including Fortify Software products) in 2023.
Security research
Fortify created a security research group that maintained the Java Open Review project and the Vulncat taxonomy of security vulnerabilities in addition to the security rules for Fortify's analysis software. Members of the group wrote the book Secure Coding with Static Analysis, and published research, including JavaScript Hijacking, Attacking the build: Cross build Injection, Watch what you write: Preventing Cross-site scripting by observing program output, and Dynamic taint propagation: Finding vulnerabilities without attacking.
References
References
- (September 22, 2010). "HP Completes Acquisition of Fortify Software, Accelerating Security Across the Application Life Cycle".
- Roberts, Paul. (April 5, 2004). "Software Searches for Security Flaws".
- Wagner, Jim. (April 5, 2004). "A New Approach to Fortify Your Software". [[Internetnews.com]].
- "HP Fortify Static Code Analyzer".
- (July 14, 2011). "HP Unveils Real-Time Application Security Testing Tool".
- Reitano, Victoria. (February 15, 2011). "HP builds up its Security-as-a-Service". SD Times.
- (August 18, 2010). "HP's Fortify Buyout Numbers Tell Lucrative Story For Software Security". Forbes.
- (September 7, 2016). "HP Enterprise strikes $8.8 billion deal with Micro Focus for software assets". Reuters.
- OpenText, Sponsored by. (2023-05-09). "Fortified by multiple acquisitions, OpenText aims to deliver smarter, simpler security".
- "Quality and Security for Open source Community".
- "HP Fortify Taxonomy: Software Security Errors".
- (March 12, 2007). "JavaScript Hijacking".
- (October 10, 2007). "Attacking the Build through Cross-Build Injection".
- (2008). "Watch What You Write: Preventing Cross-Site Scripting by Observing Program Output".
- (January 2008). "Dynamic taint propagation: Finding vulnerabilities without attacking". Information Security Tech.
::callout[type=info title="Wikipedia Source"] This article was imported from Wikipedia and is available under the Creative Commons Attribution-ShareAlike 4.0 License. Content has been adapted to SurfDoc format. Original contributors can be found on the article history page. ::