Press release BoxID: 372593 (Fortify Software, Inc)
  • Fortify Software, Inc
  • 2215 Bridgepointe Pkwy, Suite 400
  • 94404 San Mateo, CA
  • Contact
  • Yvonne Eskenzi
  • +44 (207) 1832-832

Fortify Software and Mainstay Partners Survey Security Executives to Find the Real ROI of Software Security

Study Finds Software Security Assurance Savings Equal $2.4M per Year, and Savings Increase Exponentially with Broad SSA Adoption

(PresseBox) (San Mateo, CA, ) Fortify Software, the market leader in Software Security Assurance (SSA) solutions, today released the results of an in-depth study with Mainstay Partners to find the true Return on Investment (ROI) of software security assurance solutions in a white paper entitled "Does Application Security Pay? Measuring the Business Impact of Software Security Assurance Solutions", available at

After conducting and analyzing the results of executive interviews with 17 of Fortify's global customers, including Fortune 500 companies across the financial services and government sectors, Mainstay was able to identify, qualify and quantify the full range of benefits organizations are seeing from their SSA investments. The survey revealed that, with baseline savings at $2.4M per year, companies are finding that investing in efficiency and productivity improvements, including faster, less costly code scanning and vulnerability remediation, and streamlined compliance and penetration testing, pays dividends in preventative savings.

"Not surprisingly, at a time when IT budgets are coming under closer scrutiny, chief information security officers are being called on to justify their software security investments from a cost-benefit perspective," said Thornton. "We believe this study provides a good framework for the business and financial justification of an investment in software security. Organizations that take a program-level approach to security will not only reduce risk, but get a much greater strategic return on software security."

"We reviewed 30 software security providers and found that, while everyone talks about ROI, no one has really quantified the business value of SSA," said Amir Hartman, co-founder and managing director of Mainstay Partners. "Fortify's effort to put some real cost and time savings against an investment in SSA is unique in the industry, and should give security executives the language they need to communicate the value of SSA in a way that resonates with senior IT and business leaders."

Based on the C-level interviews conducted between April and August of this year, the study found that exponential increases in benefits are being achieved by companies that deploy SSA in more comprehensive and innovative ways. These advanced deployments include embedding software security controls and best practices throughout the application development lifecycle, extending SSA programs into critical customer-facing product areas, and leveraging SSA to seize unique value-generating opportunities. For these strategic companies, the benefits of application security solutions can add up to as much as $37M per year.

Mainstay's research also revealed that securing buy-in from senior IT leadership, including the CIO and head of application development, is another way to successfully deploy a high-value, strategic SSA solution. Without this commitment, there is little likelihood that organizations can realize maximum value from a strategic SSA deployment. To gain support from senior leadership, about 90 percent of the executives surveyed said that proving SSA's payback potential in the form of a business case or ROI assessment was critical.

Other key findings among customers who had optimized their adoption of SSA include:

- Vulnerabilities per application reduced from 1000's to 10's
- Average time to fix a vulnerability reduced from 1 to 2 weeks to 1 to 2 hours
- The percentage of repeat vulnerabilities reduced from 80% to 0%
- Costs for compliance and penetration tests reduced from ~$500k to $250k
- Time-to-market delays due to vulnerabilities reduced from 4+ incidents (30 days each) to none

To learn more about this ROI study or to receive a copy of the study, titled "Does Application Security Pay? Measuring the Business Impact of Software Security Assurance Solutions", please go to