Micro Focus Fortify on Demand Review

It works to identify security flaws that any of our applications might have.

Valuable Features

The solution simply identifies any security flaws that any of our applications might have.

Improvements to My Organization

This identification provides us an advantage in that the service itself works to stay abreast and knowledgeable about emerging threats. Rather than have a security team dedicated to that effort, we don’t have to deal with that in a time consuming, direct manner. We don't need to have these skills in-house.

Room for Improvement

I find that while it does find a lot of legitimate threats, it tends to have a lot of false positives, and there are more false positives than I would like to see. It flags threats that sometimes are not, and when we have to investigate that it takes time. If they could improve the intelligence then I think it could really help the system function more efficiently. The dynamic time scan takes about seven days, and this could be a bit quicker. We like to incorporate the scan into every build cycle and if we have to wait for a seven day business cycle it has to go into our scheduling. If that could be improved there would be a lot of happy people.

Use of Solution

It predates my employment; I’m certain we signed up in 2013 – roughly three years ago.

Deployment Issues

We have had no issues with the deployment.

Stability Issues

I would say it’s fairly stable. It’s a web application so of course there are browser hiccups but I would give it a high score for stability. Once in a while there is a page refresh, but nothing major.

Scalability Issues

We have four applications and we’ve been able to get them all in there, I don’t see it having a limit.

Customer Service and Technical Support

Customer Service:

Customer service has been good once we get attention, which comes back to the false positive issue.

Technical Support:

Sometimes the results need clarifications. They could be a bit more responsive as once we get someone the interactions have been good and helpful.

Previous Solutions

This was our first foray into a hosted service.

Initial Setup

The deployment was super easy as the interface is straightforward. It was almost too easy.

Other Advice

If you haven’t run any formal scan be prepared for it to come back and be a bit scary.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
1 Comment
Omar Sánchez (Mr.Tech)ConsultantTOP 5LEADERBOARD

Support is offered through phone and a password-protected web portal, and also through email. In addition, the standard price allows for quarterly updates for the latest security tests for code review. Phone support is available 6 a.m. to 6 p.m. Pacific Standard Time.

07 June 16

Sign Up with Email