Micro Focus Fortify on Demand Other Advice

Cinfooffice09987
CISO at a retailer with 1,001-5,000 employees
I would advise others not to use Fortify, but rather get something like Veracode or Checkmarx. The most important thing is not the functionality of the product. The most important thing is the knowledge, support, and availability of the team of security specialists as a vendor, that you have somebody to work with and talk to. Everybody's website is different, and if you try to use the product out of the box the way they built it and you have nobody to talk to to figure out how to tweak your application or the product to reduce the noise and the false positives, it becomes literally useless. So I would not advise anybody to go to Fortify based on the fact that they really don't have a very forthcoming support team and availability. Could be the other options would provide professional services, but that's not the point. The point is that if you want to pick up the phone and send them an email, open a ticket saying that, "This is a false positive," somebody should get back to you. So I don't think that Fortify's a viable option still these days based on the fact of where they sit and how they operate. I would rate the product a four out of ten. It works. The reason why I give it a four is because of the limitations of the product to understand the dynamics of our website and the number of things that are not working smoothly due to the fact that our website is complex.
reviewer1263261
Sr. Enterprise Architect at a financial services firm with 5,001-10,000 employees
My advice to anybody who is considering this solution is to first get buy-in from the entire organization about adopting a culture of Security by design. Fortify on Demand can scan your code, but you need to have plans in place for what needs to be done when problems are identified. It may mean that things will have to change with regards to how code is being written. It may also require integration with other platforms. You can't just start scanning without first understanding what the security architecture is. You need to understand the vulnerabilities and all of the standards, as well. Essentially, I would recommend a security design overhaul. I would rate this solution an eight out of ten.
Jonathas De Morais
Enterprise Systems Analyst at a manufacturing company with 10,001+ employees
Understand what you want to get out of it and be sure to fully understand what you will be paying per scan if you go for the subscription model. As I said, having to scan hundreds or thousands of apps using that subscription model and doing that several times a week, or several times a day, may increase your costs. That might be something that you need to look at. I rate it at nine out of 10. It's not a 10 because of the cost model, it's a bit pricey, and the slowness, it could be a little bit faster. I understand the reasons why, but you just need to be aware before you start using it that the local scan won't be as fast as the static code scan.
Find out what your peers are saying about Micro Focus, SonarQube, Checkmarx and others in Application Security. Updated: March 2020.
406,312 professionals have used our research since 2012.
KavithaSridhar
Director Consulting at a tech services company with 10,001+ employees
Today's security has become so complex that you cannot be completely dependent on one tool. What I have learned is that you should have multiple tools. Now, with different areas coming into space, all of these tools have to co-exist. To make the right choice of a tool is really important. A solution must have ease-of-use. If it becomes too difficult for installing, configuring, learning the scan, then adoption becomes a challenge.
Prakash-Rao
Vice President - Solution Architecture at a financial services firm with 10,001+ employees
Fortify on Demand is a product that I recommend, but the suitability of this solution depends on exactly what the requirements are. Every product has a unique feature as well as limitations with respect to what it can and cannot do. What it comes down to is how the application is built, as well as the technology stack. The licensing costs are also something that needs to be considered. Overall, it is a very good tool and it works well for what it is designed for. I would rate this solution a seven out of ten.
ChimaUzomba
Chief Executive & Certified Security Administrator at Boch
I would definitely recommend Micro Focus Fortify any day for clients who are looking for a good security solution. On a scale from one to ten where one is the worst and ten is the best, I would rate Micro Focus Fortify on Demand as a nine out of ten.
Appsecanst67
Senior Application Security Analyst at a financial services firm with 10,001+ employees
We use the cloud deployment model of the solution. Whether or not you decide to implement the solution depends on the use case. It depends on if the user has a big application or multiple lines of code which need to be scanned. New users need to do a POC so they can investigate if this tool fits in their company or their enterprise before they begin implementation. Everyone should do a comparison before implementing or doing the rollout of any security tool. I would rate the solution seven out of ten.
Ives Laaf
Head of Compliance & Quality / CISO at a tech services company with 51-200 employees
This solution works, so I suggest using it. I would rate this solution an eight out of ten.