Fortify Software


Hyperic, a Leading Open Source Application Developer, Gains a Competitive Advantage with Fortify

The Company

Hyperic, Inc. delivers open source, multi-platform IT management that enables its customers to manage heterogeneous operations environments from a single interface. Founded in 2004, the company is based in San Francisco.

The Challenge

One of Hyperic's customers, a Fortune 500 technology company, requested that all software undergo a security audit before being deployed. This included a thorough security analysis of the company's flagship application, Hyperic HQ - approximately 3,000 files and 650,000 lines of code. Hyperic recognized that the lack of security audits presented a barrier to enterprise adoption of open source software. In order to be competitive in the market, it was critical that its code be secure.

"We needed to perform a source code security audit to assure our community users and our customers that our technology was robust and did not pose a security risk."

Ryan Morgan, Hyperic Chief Architect

  • Key Challenges

    • Customer demands for a secure code base
    • Large and complicated code base
    • Small team of engineers

The Solution

Hyperic chose Fortify SCA, the leading source code security analysis solution from Fortify Software that helps companies identify, manage, and remediate software vulnerabilities. "We chose Fortify Software because they offered a comprehensive and efficient source code analysis tool that we could use to make our software secure for enterprise use," said Ryan Morgan. "Within the first half-day of working with them," added Javier Soltero, Hyperic president and CEO, "we knew we'd made the right choice."

The Results

As a result of Fortify Software's engagement, Hyperic:

  • Delivered more secure code

    "The number one takeaway is that deploying Fortify SCA allows us to produce a more secure product," said Ryan Morgan. "Even without a large engineering department, we were able to use this software to define best practices for our open source systems management with regards to security." Fortify SCA helped Hyperic identify and remediate key vulnerabilities, including a few parts of the code that were vulnerable to SQL injection attacks. Hyperic's team was able to fix these areas quickly and eliminate what could have been a major threat.

  • Reduced time to conduct a security audit

    Fortify SCA enabled Hyperic to conduct a thorough review in a much shorter amount of time. "With Fortify SCA, we were able to shorten the amount of time it took us to review our code base by weeks compared to conducting a manual audit," said Mr. Soltero. "In just the first week, we realized there was no way we could have found these source code problems on our own."

  • Discovered data integrity problems in the source code

    Fortify SCA found problems not directly related to security vulnerabilities. In fact, it found some source code level race conditions that were causing data integrity problems, as well as other quality bugs that Hyperic had not been able to fix.

  • Gained a competitive advantage

    Hyperic achieved a competitive advantage in being able to assure its customers and prospects that the company had fortified its code. "Incorporating Fortify's security analysis products into our open source IT management software tools gives us a competitive advantage as we bring our enterprise level product to the market," said Mr. Soltero. Fortify SCA enables Hyperic to demonstrate to potential customers that they have a secure application.

  • Fortify Benefits

    • Increased level of security
    • Reduced time to conduct a security audit
    • Established a competitive advantage

The Conclusion

Hyperic has fully integrated Fortify SCA into its software development process for existing and future client engagements. By deploying Fortify SCA, they now have a more secure product.

About Fortify Software

Fortify Software products protect companies from today's greatest security risk: the software applications that run their businesses. Combining deep application security expertise with extensive software development experience, Fortify Software has defined the market with award-winning products that span the software development cycle. Today, Fortify Software fortifies the software for the most demanding customer deployments, including the world's largest, most varied code bases.
