PALO ALTO, Calif., Oct. 1 /PRNewswire/ -- Fortify(R) Software Inc., the market-leading provider of enterprise application security solutions, today announced that its suite of products -- covering both static analysis and runtime approaches -- has been selected by the U.S. Air Force as part of a comprehensive $10.2 million security protection plan to protect its applications from malicious hackers. Through Telos and the NETCENTS program, the USAF has purchased more than $7 million of Fortify(R) Source Code Analysis, Fortify(R) Defender and Fortify(R) Tracer because these products have a proven record in protecting demanding customer deployments, including the world's largest, most varied code bases.

The U.S. Air Force -- a leader in the Department of Defense's strategy for cyber security -- will use Fortify's complete product portfolio to develop secure code, as well as identify, protect and monitor these applications from attacks, including SQL injection, cross-site scripting, buffer overflows, and a full rage of additional malicious activities. The DoD is arguably the largest Internet user on the planet, with more than 11 million users. It has been estimated that its 12,000+ networks are probed more than 6 million times each day and that the DoD has seen a 46 percent increase in attacks on its website since 2005.

"The U.S. Air Force has just made its largest investment to date in application security to protect its software infrastructure," said John M. Jack, CEO of Fortify Software. "With this announcement, the USAF have proven themselves forward thinkers in tackling software security and risk. By leveraging the Fortify suite of products to protect applications from coding through production, the USAF recognizes the need for a strong, end-to-end approach to application defense."

In March, Fortify announced that the 554th Electronic Systems Wing, a unit of the Air Force Electronic Systems Center at Hanscom AFB, Mass., adopted Fortify Defender to help protect and monitor its applications. The wing develops, fields, sustains and operates worldwide communications-computer and force protection systems and capabilities for the President and Secretary of Defense, Chairman of the Joint Chiefs of Staff, unified combatant commanders, services and specified Department of Defense and non-DoD agencies to direct military forces. These systems are often a major target for hackers, both domestic and international. In order to protect their applications, and the data that is transmitted between them, the USAF relies on the most advanced and sophisticated security products and techniques available.

"After an exhaustive evaluation of many vendors, the Air Force chose Fortify based on the strength of our technology," said Michelle Dickey, Fortify's Vice President of Federal Sales. "The Air Force established very strict guidelines with respect to security, reliability, performance and ease- of-use. Fortify satisfies these requirements with audit reports that meet or exceed all applicable DoD security standards, incorporates a variety of code bases, and is simple to install and manage with minimal customization. We believe that these same attributes are needed to protect a wide range of federal applications."

About Fortify(R) Source Code Analysis

Fortify SCA analyzes source code to help find and fix software vulnerabilities at the root cause, early in the development cycle, making triage, audits and remediation fast and effective for any organization. Its advanced features help developers identify and resolve issues with less effort, while enabling security leads to review and prioritize more code in less time. Fortify SCA supports a wide variety of languages, frameworks and operating systems, and delivers depth and accuracy in its results. For more information, please visit Fortify's website at http://www.fortifysoftware.com/products/sca/.

About Fortify(R) Defender

Fortify Defender enables a new, highly effective layer of Web application security by monitoring security-critical functions and APIs inside a Web application ... a unique "internal firewall" approach that offers critical insight into attacks as well as an unparalleled level of security. Fortify Defender can be applied to any J2EE or .NET custom Web application-even those where source code is unavailable-while it also addresses key software security compliance requirements, including PCI, FISMA and HIPAA. More information can be found online at http://www.fortifysoftware.com/products/defender/.

About Fortify(R) Tracer

Fortify Tracer makes every black box security test more effective, helping to find vulnerabilities that would otherwise have been missed and pointing developers toward speedy remediation. It can be used in conjunction with any manual or automated testing procedure, providing consistency and repeatability among independent application security tests. For more information, please visit Fortify's website at http://www.fortifysoftware.com/products/tracer/.

About Fortify Software, Inc.

Fortify(R) Software products protect companies from the threats posed by security flaws in business-critical software applications. Its software security products -- Fortify SCA, Fortify Manager, Fortify Tracer and Fortify Defender -- drive down costs and security risks by automating key processes of developing and deploying secure applications. Fortify Software's customers include government agencies and FORTUNE 500 companies in a wide variety of industries, such as financial services, healthcare, e-commerce, telecommunications, publishing, insurance, systems integration and information management. The company is backed by world-class teams of software security experts and partners. More information is available at http://www.fortifysoftware.com/.

CONTACT: North America: Lisa Eskey of Sterling Communications,
+1-408-884-5157, leskey@sterlingpr.com, or UK: Laura Mead of Johnson King
Public Relations, +44 (0)20 7357 7799, lauram@johnsonking.co.uk, or Austria,
Germany and Switzerland: Ingrid Daschner of Johnson King Public Relations,
+49 (0)89 8940 8511, ingridd@johnsonking.de, all for Fortify Software, Inc.

Web site: http://www.fortifysoftware.com/