Fortify Software Inc. is making Payment Card Industry Data Security Standard (PCI DSS) 6.6 compliance easier for its customers with the addition of a project template that gives developers, auditors, and managers a PCI-centric view into the security of their software systems.
Beginning June 30, customers using Fortify's cornerstone software security solution, Fortify 360, are able to immediately identify and remediate code level vulnerabilities that violate PCI DSS standards.
Currently, Fortify 360 integrates the results from three analyzers into a central repository where they are separated into folders that correspond to their priority. Fortify 360 offers users the ability to test applications using both static and dynamic analysis capabilities, as well as deploy real-time protection in the form of a software-based application firewall. Fortify representatives say the company is the only one to offer all three solutions.
As of June 30, when section 6.6 of the PCI DSS became mandatory, all merchants are required to implement source code analysis solutions or install a Web application firewall. This is in response to the increase in attacks directed against applications.
In response to the major milestone of section 6.6, Fortify's Security Research Group, working closely with Fortify customers, created an environment for Fortify 360 that both draws attention to critical security flaws and specifically highlights issues that violate the PCI DSS. This new capability for Fortify products is available to customers via download from the Fortify Customer Portal.