What needs improvement with Fortify Application Defender?

Please share with the community what you think needs improvement with Fortify Application Defender.

What are its weaknesses? What would you like to see changed in a future version?

33 Answers

author avatar
Top 10Real User

There are a couple of vulnerabilities not covered by the solution and we are working on how we can improve on these things. An example of this is when we have a static value that is stored in a database. We need to use a workaround when a value is not exposed directly to the code base, where we check that code dynamically. The workbench is a little bit complex when you first start using it.

author avatar
Top 20Real User

The solution is quite expensive. There could be little improvements made in the solution's performance, reporting, management, interface, dashboard, etc. Their level of support could also be better. They should be more qualified and quicker to respond, for example. It would be beneficial if the dashboard integrated with JIRA.

author avatar
Real User

Support for older compilers/IDEs is lacking. Many developers are still using environments that are known for having security issues. For example, Visual Studio 2005, 2008, and older, gcc 1.x, etc. are still being used. However, we cannot analyze a project using these older compilers because they are no longer supported by Fortify. If I can't find security issues injected by the development environment because I'm forced to use a newer compiler, then I cannot make recommendations to use an updated compiler. This is a particularly thorny issue wherein development environments of mission critical systems do not change and yet we need to recommend usage of newer development environments.

Find out what your peers are saying about Micro Focus, SonarQube, Synopsys and others in Application Security. Updated: October 2020.
442,517 professionals have used our research since 2012.