3/12/2015
09:10 AM
Dark Reading
Products and Releases

HP Granted FedRAMP Authorization for Government Agencies to Use HP Fortify on Demand

HP Fortify on Demand First Security Software-as-a-Service (SaaS) Offering to Achieve Approval

WASHINGTON, DC--(Marketwired - Mar 11, 2015) - HP (NYSE: HPQ) today announced the authorization of HP Fortify on Demand by the Joint Authorization Board (JAB) of the Federal Risk and Authorization Management Program (FedRAMP), a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. As the first Security Software-as-a-Service (SaaS) offering to achieve a FedRAMP authorization, HP Fortify on Demand allows government agencies to perform security assessments of application code and web site/web services testing without requiring any additional software to install or manage.

More than 70 percent of agency breaches are due to software vulnerabilities.(1) When vulnerabilities are found in software, hackers and other malicious actors have the ability to infiltrate an agency's network and access sensitive information regardless of where it resides. HP Fortify on Demand addresses this by enabling agencies to continuously monitor deployed software to mitigate risk and identify critical vulnerabilities undermining their security posture.

"As the soft underbelly of an agency's network, software can impose serious threats to an agency's security if vulnerabilities are not proactively identified and addressed," said Rob Roy, chief technology officer, U.S. Public Sector, Enterprise Security Products, HP. "Organizations can no longer afford to simply respond to breaches as they arise, and as the only solution of its kind available with FedRAMP certification, HP Fortify on Demand quickly addresses the root cause of vulnerabilities by securing software from conception through the entire development lifecycle."

HP Fortify on Demand is now provisionally authorized for government agency use to perform security assessments of application code and web site/web services testing, and end-to-end mobile application security testing. Static scanning of code in Java, .NET, and other major programming languages for security defects is performed in the system at the code layer, followed by an audit review by an HP static auditor. Dynamic web site and web services testing combines HP WebInspect software with manual penetration testing, followed by a review from an HP dynamic tester. In total, HP Fortify on Demand offers accurate and affordable security assessments of more than 600 vulnerability categories and services, regardless of where the application resides and without any software to install or manage.

By deploying HP Fortify on Demand on top of HP's FedRAMP authorized Infrastructure-as-a-Service (IaaS), HP Helion Managed Virtual Private Cloud for Public Sector (US), agencies are able to leverage on-demand security assessments of application code in a fast and accurate method that saves both time and money. More information on this certification is available at www.FedRAMP.gov.

 

About HP Enterprise Security
HP enables organizations to take a proactive approach to security, disrupting the life cycle of an attack through prevention and real-time threat detection. With market-leading products, services and innovative research, HP Enterprise Security enables organizations to integrate information correlation, application analysis and network-level defense. Additional information about HP Enterprise Security can be found at www.hp.com/go/esp.

Join HP Software on LinkedIn and follow @HPSoftware on Twitter. To learn more about HP Enterprise Security Products on Twitter, please follow @HPGovSec and join HP Enterprise Security on LinkedIn.

 

About HP
HP creates new possibilities for technology to have a meaningful impact on people, businesses, governments and society. With the broadest technology portfolio spanning printing, personal systems, software, services and IT infrastructure, HP delivers solutions for customers' most complex challenges in every region of the world. More information about HP is available at http://www.hp.com.

(1) Internal HP Enterprise Security Products Research

This press release contains forward-looking statements that involve risks, uncertainties and assumptions. If such risks or uncertainties materialize or such assumptions prove incorrect, the results of HP and its consolidated subsidiaries could differ materially from those expressed or implied by such forward-looking statements and assumptions. All statements other than statements of historical fact are statements that could be deemed forward-looking statements, including but not limited to statements of the plans, strategies and objectives of HP for future operations, including the separation transaction; the future performance of Hewlett-Packard Enterprise and HP Inc. if the separation is completed; any statements concerning expected development, performance, market share or competitive performance relating to products and services; any statements regarding anticipated operational and financial results; any statements of expectation or belief; and any statements of assumptions underlying any of the foregoing. 
Risks, uncertainties and assumptions include the need to address the many challenges facing HP's businesses; the competitive pressures faced by HP's businesses; risks associated with executing HP's strategy, including the planned separation transaction, and plans for future operations and investments; the impact of macroeconomic and geopolitical trends and events; the need to manage third-party suppliers and the distribution of HP's products and services effectively; the protection of HP's intellectual property assets, including intellectual property licensed from third parties; risks associated with HP's international operations; the development and transition of new products and services and the enhancement of existing products and services to meet customer needs and respond to emerging technological trends; the execution and performance of contracts by HP and its suppliers, customers, clients and partners; the hiring and retention of key employees; integration and other risks associated with business combination and investment transactions; the execution, timing and results of restructuring plans, including estimates and assumptions related to the cost and the anticipated benefits of implementing those plans; the execution, timing and results of the separation transaction or restructuring plans, including estimates and assumptions related to the cost (including any possible disruption of HP's business) and the anticipated benefits of implementing the separation transaction and restructuring plans; the resolution of pending investigations, claims and disputes; and other risks that are described in HP's Annual Report on Form 10-K for the fiscal year ended October 31, 2015, and HP's other filings with the Securities and Exchange Commission. HP assumes no obligation and does not intend to update these forward-looking statements.

© 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.
