Fortify Software develops a set of tools to help examine and test software code for security flaws while programs are being developed. Fortify’s software is based on the fact that most security problems stem from known programming mistakes as companies race to finish products that may be composed of thousands or millions of lines of code. A programmer, for example, might neglect to see that a piece of prewritten code allows a user to insert any amount of text into the address field in a Web browser. An attacker might later insert millions of characters into that field. That well-known attack, called a buffer overflow, can cause a program to crash and give an attacker control over the computer running it. Fortify’s software, designed to be run at the end of each day’s programming, analyzes code to find more than 500 such problems. It explains the problems and suggests solutions, but programmers must manually make the changes.
| 12/16/05 | Series D | 10M | Aggregate Media, Sutter Hill Venture Partners, Mieza Capital, Tullis-Dickerson | Unknown |