Fortify - Application Security
Recent statistics show that almost half of breaches that cause material damage occur via applications. HP Fortify provides software and services that help organizations secure applications to prevent those attacks. This blog serves as a platform for our penetration testers, product managers and marketers, and software engineers to provide analysis and insight regarding both web application security and how organizations can utilize our products and services to better secure their applications. For more information, visit

Information Security as an Emergent Property


Earlier today I heard Jason Schmitt say something worth exploring: He referred to information security as an emergent property.


Emergence is a fascinating concept. It basically means that when simple things combine to a certain degree, new properties, patterns, and behaviors develop that often cannot be explained or understood in the context of their components.


It's difficult to explain human happiness in terms of the strong and weak nuclear force, for example. Or to reduce an economic law like supply and demand down to covalent bonds...


Security Demystified: SQL Injection

Despite very good options for defense, SQL injection is still one of the most common vulnerabilities found across web applications. What is it, and how can we defend against it?

Has Information Security Reached Peak Prevention?



As we all know, there are two main components to risk: 1) the chance that something will happen, and 2) how bad it would be if it did--or, probability and impact. For the last 20 years we've been focused almost exclusively on probability, i.e. trying to make sure bad things don't happen.


The problem is that we’ve reached Peak Prevention. Like Peak Oil, Peak Prevention is a wall of diminishing returns, and we've hit it. We can multiply our prevention efforts many times over and get very little reduction in risk (and perhaps even an increase due to ever-advancing threats). 10 years ago we were at around 50% prevention maturity, and now we’re at roughly 90%. If we spend another 10 years and 10 trillion we can maybe get to 95%. But all that effort would provide only a small fraction of the risk reduction we could achieve by making successful compromises less costly.



The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.