HP’s Security Software Offering Gets FedRAMP Board OK; Rob Roy Comments

Hewlett-Packard has received approval from the Joint Authorization Board for the Federal Risk and Authorization Management Program to sell the company’s security software-as-a-service to government clients.

HP’s Fortify on Demand offering is designed to help users assess the security status of application code, web services and mobile applications, HP said Wednesday.

Rob Roy, chief technology officer of enterprise security products for the U.S. public sector at HP, said the service works to address “the root cause of vulnerabilities by securing software from conception through the entire development lifecycle.”

Government agencies will perform continuous monitoring on software with the product in order to mitigate risk and identify threats, HP says.

Fortify on Demand performs static code scanning to check security issues and an HP static auditor conducts an audit review.

HP also designed the service to combine the WebInspect software with manual penetration testing, followed by an HP dynamic tester review process.