What is most valuable?
It's saved us a lot of time as we focus primarily on security consultancy work rather than tool operational work.
Also, the features SAST, DAST, Dashboard/Reports, Fortify on Demand Portal and Vulnerability Tracking, have all helped with our work.
Finally, it's reduced operational costs as we minimized security incidents and ensured all vulnerabilities are remediated during the development lifecycle.
How has it helped my organization?
The results it provides are more than 95% accurate, helping us to focus on the right things first.
Our new software procurement process benefited as well as we use this as a central control to provide security assurance and evaluate the quality of our deliverables.
Its ease-of-use has influenced developer behavior and enabled them to follow security principles.
What needs improvement?
It would be useful if they could integrate secure design reviews, security user stories in Fortify on Demand Portal, and also look for possible options to get just one view of risks for given services (Covering Application, Infrastructure, Pen. Test, etc.).
For how long have I used the solution?
What was my experience with deployment of the solution?
We've had no issues with deployment.
What do I think about the stability of the solution?
It’s a very stable product. We've had no issues with instability.
What do I think about the scalability of the solution?
It’s scaled for our needs. We've had no issues with un-scalability.
How are customer service and technical support?
Customer service is excellent. Technical Support
The technical support is very good.
Which solution did I use previously and why did I switch?
We've used various other tools, including the Fortify on-premise solution. We chose Fortify on Demand as it is cost effective, scalable, easy to deploy, and helps us to manage our vulnerabilities centrally.
How was the initial setup?
The initial setup was very easy and straightforward. We were able to roll out this service to all our business units.
What about the implementation team?
We performed the installation in-house.
What's my experience with pricing, setup cost, and licensing?
There is no setup cost as it is an on-demand solution. However, if there is any firewall change required for an internal application, we would need to raise that from our end.
Which other solutions did I evaluate?
We considered SonarQube, MSFox, and CodeInspect.
What other advice do I have?
Fully utilize this product and its feature as it covers almost everything required for software security assurance.