Fortify - Application Security
Recent statistics show that almost half of breaches that cause material damage occur via applications. HP Fortify provides software and services that help organization secure applications to prevent those attacks. This blog serves as a platform for our penetration testers, product managers and marketers, and software engineers to provide analysis and insight regarding both web application security and how organizations can utilize our products and services to better secure their applications. For more information, visit

Fortify on Demand Heartbleed Update

The number of blog posts and news articles related to Heartbleed is rapidly expanding. Yahoo is showing 11,400 news articles.  Google is showing around 44,300. 


As director of the Fortify on Demand team, I have decided to respond in the form of a (public) customer communication.  Here are a couple of key updates for those who use our services:


  • We have validated that our three primary Fortify on Demand data centers (US, UK, & Singapore) were not exposed to the Heartbleed vulnerability.  Note: This also validates the need to have technology in place to be able to maintain a list of utilized Open Source components.
  • If you are a current customer, you will be hearing from your Technical Account Manager ASAP to discuss an exploratory assessment of your environment to ensure you were not affected by the Heartbleed exploit.  This is something we are offering at no cost to existing Fortify on Demand customers.  

We invite the OpenSSL project to join our Fortify Open Source Review for free static assessments.


For any additional questions, feel free to reach out to us on Twitter @hpappsecurity or via email fodsales(at)


Ryan English

Director,  Fortify on Demand

Alouicious L | ‎04-11-2014 01:39 PM

Are you saying that Fortify would have caught the bug?

Leave a Comment

We encourage you to share your comments on this post. Comments are moderated and will be reviewed
and posted as promptly as possible during regular business hours

To ensure your comment is published, be sure to follow the Community Guidelines.

Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
Showing results for 
Search instead for 
Do you mean 
About the Author

Follow Us
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.