Good development platform integration promotes a culture of Security by design
What is our primary use case?
I have been using this solution to gain some perspective from different architectures for the security team. I do not use it every day. I do have an overview and it is integrated with our development platform. I do work for our governance team, so whenever a project is coming I will review products. I need to connect with the project managers for testing them, and these tests include the vulnerability assessment along with other security efforts. One of the things that I suggest is using Micro Focus Fortify on Demand. The primary use case is core scanning for different vulnerabilities, based… more »
Pros and Cons
The most valuable feature is that it connects with your development platforms, such as Microsoft Information Server and Jira.
This solution would be improved if the code-quality perspective were added to it, on top of the security aspect.
What other advice do I have?
My advice to anybody who is considering this solution is to first get buy-in from the entire organization about adopting a culture of Security by design. Fortify on Demand can scan your code, but you need to have plans in place for what needs to be done when problems are identified. It may mean that things will have to change with regards to how code is being written. It may also require integration with other platforms. You can't just start scanning without first understanding what the security architecture is. You need to understand the vulnerabilities and all of the standards, as well…