11th July 2008 - Fortify Software, the application vulnerability specialist, says a set of ActiveX security bugs reported this week prove the firm\'s observations that security flaws are likely with almost any piece of applications software.

\"This latest ActiveX flaw centres on the Snapshot Viewer ActiveX control, which is a feature of most versions of Microsoft Office Access,\" said Rob Rachwald, Fortify\'s director of product marketing.

\"Microsoft is tackling the problem, which seeks to lure Access users to a modified Web page that then attempts to execute the attack code within Internet Explorer, but I think that Microsoft is doing its best to solve the flaw in a timely and effective manner,\" he added. According to Rachwald, it is interesting to note that Adam Shostack, one of Microsoft\'s IT security gurus, has commented recently on the difficulty of going back and fixing code that was never designed with a software development life-cycle.

Although Microsoft is doing a really good job of finding and fixing issues since it has placed a new emphasis on security, it\'s still a difficult task to find all bugs,\" he explained.

For more on the Access ActiveX security flaw:

http://tinyurl.com/6xtynn

For more on Fortify Software:

http://www.fortifysoftware.com

ENDS

About Fortify Software, Inc.

Fortify® Software products protect companies from the threats posed by security flaws in business-critical software applications. Its software security suite —Fortify 360—drives down costs and security risks by implementing threat intelligence, automating key processes of developing and deploying secure applications. Fortify Software\'s customers include government agencies and FORTUNE 500 companies in a wide variety of industries, such as financial services, healthcare, e-commerce, telecommunications, publishing, insurance, systems integration and information management. The company is backed by world-class teams of software security experts and partners. More information is available at www.fortify.com.

Ends