It's one of the leaders in the application security space. I've used Fortify since 2007, and I think the most valuable feature is its ability to address the source code scanning and dynamic scanning in a known, correlated way. I think the best way to address application security is to have multiple types of scanning and a unified view for the customer.
Improvements to My Organization
It's forced the incorporation of security in the development process. That's really the biggest benefit for us.
Room for Improvement
It could use better integration with the incident management processor. This would allow us to understand the vulnerabilities that arise in the software and how they're linked to the incident management center.
The deployment has not had issues.
It is a quite stable solution.
It's quite scalable and addresses a huge volume.
Customer Service and Technical Support
It's good, but could be better to align with other main vendors, such as IBM.
It's not straightforward, but it's not complex either. It could also be improved.
Other Solutions Considered
I'm very familiar with IBM and Barracuda and others. I always know HP's competition, but I feel most comfortable with HP.
My advice would be to look not only at the software, but also at the processor and the people who will be using the software. You should buy not just the software, but also the services to train people to use it.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Dec 31 2015