Source code security technology start-up Fortify Software was chosen by Oracle to seek out potential security holes in Oracle’s database and middleware software. Oracle, with over 30 million lines of code, is the first top-tier commercial software vendor to sign as a Fortify customer.
Fortify offers an integrated collection of tools that scan source code for secure coding policy violations. Oracle licensed the tools for its database, application server and identity management groups. In addition, Oracle will check its E-Business Suite, PeopleSoft products and products acquired from other vendors.
Oracle, which once used the “unbreakable” slogan, has taken a few hits on its security reputation this year after a German security research company published details of several high-risk vulnerabilities. By licensing Fortify tools, Oracle hopes to minimize vulnerabilities and reduce the number of patches.
“There’s lots of Band-Aid products out there that protect against attacks. You wouldn’t need so many Band-Aids if you could actually have a vaccine,” Mary Ann Davidson, Oracle CSO, says.
Fortify CEO John Jack said that working with Oracle helps the company refine its software and improve its tools’ performance.