Micro Focus Fortify on Demand Review

The quality of application security testing reduces risk and gives very few false positives.


How has it helped my organization?

The security of our consumer-facing web sites is better.

What is most valuable?

The quality of application security testing reduces risk and gives very few false positives.

What needs improvement?

New technologies and DevOps could be improved. Fortify on Demand can be slow (slower than other vendors) to support new technologies or new software versions. DevOps requires very fast turnaround and I’m not sure HPE Fortify on Demand can do that, although they have a new product in beta for that.

What do I think about the stability of the solution?

We did not have stability issues.

What do I think about the scalability of the solution?

We did not have scalability issues.

How is customer service and technical support?

Technical support is very good.

Which solutions did we use previously?

We didn’t have a previous solution.

How was the initial setup?

Setup was not complex, although given our size it was a challenge.

What's my experience with pricing, setup cost, and licensing?

Drive a hard bargain.

Which other solutions did I evaluate?

We evaluated IBM and Veracode.

What other advice do I have?

Go with the SaaS product.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
1 Comment
General Manager - Application Security at a tech consulting company with 51-200 employeesUser

Yes, It does have less positives. After being a premium customer and having taken the annual / 3 yr subscription option, we can opt for + (plus) services by which we can have a manual AUDIT to manually review our code for the 1st time. This helps reduce most of the false positives and developers and team in-charges can concentrate on actual issues / vulnerabilities or the weaknesses in existing application which is assessed. - Manoj Purandare, India

08 October 17
Guest
Sign Up with Email