1 min read

Finding Needles in a Haystack

Tom Brennan : Updated on March 7, 2026

Blog
Finding Needles in a Haystack
BLOG
2:15
I recently did a interview on the  Reimagining Cyber Podcast about advancements in the software security industry. I then took some time to think about the Fortify product that I have worked with for so many years.  The pro and the con, what are your thoughts?

OpenText - Fortify

Pros of using source code tools like Fortify for software code quality:
  1. Identifying security vulnerabilities: Fortify helps identify security vulnerabilities in source code, such as buffer overflows, cross-site scripting (XSS), and SQL injection. This can help prevent attacks and protect sensitive data.
  2. Improving code quality: Fortify provides in-depth analysis of source code, helping developers improve the quality and maintainability of the code. This can lead to faster development and reduced time spent fixing bugs.
  3. Automation: Fortify automates many code quality checks, reducing the time and effort required to manually review code. This can help developers focus on more important tasks and reduce the risk of human error.
  4. Integration with development tools: Fortify can integrate with development tools such as integrated development environments (IDEs) and continuous integration (CI) pipelines, making it easier to use and incorporate into the development process.
Cons of using source code tools like Fortify:
  1. False positives: Fortify may produce false positives, indicating security vulnerabilities that don't actually exist. This can lead to wasted time and resources fixing non-existent issues.
  2. False negatives: Fortify may miss real security vulnerabilities, as it can only identify vulnerabilities it has been programmed to find.
  3. Resource requirements: Fortify can be resource-intensive and slow down the development process, especially on large codebases.
  4. Cost: Fortify can be expensive, making it a challenge for smaller organizations or projects with limited budgets.
Overall, source code tools like Fortify can be a valuable tool for improving software code quality and identifying security vulnerabilities. However, it's important to understand its limitations and to use it as part of a comprehensive software development process, including manual code reviews and other security measures.
Meraki Setup Tips

1 min read

Meraki Setup Tips

Tom Brennan : Nov 2, 2025 12:43:24 PM

Cisco Meraki is a cloud-managed networking solution that provides a wide range of features and functionalities to help organizations manage their...

Blog
Read More
Got Unified Security Yet?

1 min read

Got Unified Security Yet?

Tom Brennan : Nov 3, 2025 12:44:01 PM

Physical and logical security convergence refers to the integration of traditional physical security measures (such as cameras, locks, and alarms)...

Blog
Read More
Blog Archives

Blog Archives

Tom Brennan : Nov 3, 2025 12:44:02 PM

In the world of cybersecurity, there are three core pillars that every organization should be focusing on: people, process, and technology. These...

Blog
Read More