The Inside-Out Hack Defense
By Michael V. Copeland

(Business 2.0) – Ten years at software giant Symantec taught Ted Schlein a painful lesson: The usual approach to battling hackers—building software barriers around a company's IT network—can't lock out every virus and worm. "We haven't done security right," Schlein says. "The question is, how can we nail it?"

Eight years after leaving Symantec to join venture capital firm Kleiner Perkins Caufield & Byers, Schlein thinks he's found the answer. It's called Fortify Software, a startup that Schlein launched and funded in 2003, then rolled out in 2004 with a passel of A-list customers like AT&T Wireless, PayPal, and Wells Fargo.

Instead of fending off security breaches with a firewall, Fortify's product is the first of its kind to hackproof software from the inside out. As developers work on projects, Fortify analyzes each line of code, flagging vulnerabilities and suggesting fixes. And therein lies the company's shot at a piece of the $12 billion IT security market. "A bug found in the development stage is orders of magnitude cheaper to fix than a bug found at the operational stage," says Ted Shelton, a software expert at Mohr Davidow Ventures.

Fortify has booked just $1 million in sales so far, but CEO John Jack projects revenue will hit $5 million in 2005. PayPal, which spends seven figures a year to bulletproof its code, recently signed on to use Fortify systemwide. "It lowers risk and saves money," says Melissa Webster, research director at IDC. "And that's turning people into better programmers."