Fortify's straw poll also revealed the majority of respondents believe the software and applications in their companies are likely to have exploitable vulnerabilities

March 10, 2010


SAN MATEO, Calif., March 9, 2010 — Fortify Software, the market leader in Software Security Assurance (SSA) solutions, today announced the results of a straw poll taken at the RSA Conference 2010. Based on an informal survey of 200 security professionals in attendance, Fortify's poll sought to assess the general awareness of the risk associated with insecure software, as well as the adoption of software security solutions within the enterprise. According to survey results, 74 percent of respondents say their organizations have placed a high priority on software security and have active software security programs in place, while less than a quarter of respondents stated that software security was not on their radar. The remaining respondents were utilizing the RSA show to learn more about the solutions they could employ in the future.

Additionally, Fortify's straw poll revealed that the majority of respondents believe the software and applications in their company are likely to have exploitable vulnerabilities, and that they assume their organizations are under attack at least once a day, if not more.

"It's very encouraging to see that software security is top of mind for today's enterprises," commented Barmak Meftah, Fortify's Chief Products Officer. "As we've seen over the last few years, some of the biggest data breaches have been a result of attacks at the software layer. Enterprises are constantly under attack by data thieves hoping to capitalize on weaknesses in code. Awareness of this risk is critical to tackling the problem of insecure applications."

Most respondents noted that their companies were deploying a combination of technologies to address vulnerabilities in software, including code analysis, application scanning, penetration testing and web application firewalls, with the majority of respondents noting that penetration testing and application scanning were the prevalent solutions in their organization.

"We find that most enterprises have deployed solutions to discover security weaknesses in their code and assess their level of risk exposure," continued Meftah. "As companies mature their software security programs, the next step is prioritizing those security concerns and putting in place the appropriate processes and technologies for remediating, and eventually preventing, those vulnerabilities."

In wrapping up the poll, Fortify questioned attendees on their personal experience with hacking. The majority of respondents, roughly 88 percent, stated that they had hacked in the past. A handful of those who had attempted hacking admitted it was for "fun" or "curiosity," while most stated that their experience with hacking was "work-related" or "white hat" hacking.

About Fortify Software, Inc.

Fortify's Software Security Assurance products and services protect companies from the threats posed by security flaws in business-critical software applications. Its software security suite—Fortify 360—drives down costs and security risks by automating key processes of developing and deploying secure applications. Fortify Software's customers include government agencies and FORTUNE 500 companies in a wide variety of industries, such as financial services, healthcare, e-commerce, telecommunications, publishing, insurance, systems integration and information management. The company is backed by world-class teams of software security experts and partners. More information is available at or visit our blog at Find Fortify on Twitter: @Fortify
