Case Study: British Gas achieves stronger application security, faster development and cost savings with Hewlett Packard Enterprise (Fortify on Demand)

British Gas - Customer Case Study

British Gas, the UK energy supplier serving around 12 million homes, needed to identify and remediate application vulnerabilities earlier in the software development lifecycle as digital channels now account for more than 50% of customer interactions and mobile and SAP workstreams expanded. To address this, British Gas adopted Fortify on Demand Application Security as a Service provided by Hewlett Packard Enterprise for static and dynamic scanning of both in-house and third‑party code.

Hewlett Packard Enterprise integrated Fortify on Demand into British Gas’s SDLC with a “discover early, resolve early” approach—static scans from unit test onward and dynamic scans for mature code—covering roughly 90–95% of core business‑critical systems and performing at least one core scan every two years. The deployment produced measurable results: a clear downward trend in the volume and severity of vulnerabilities, improved compliance posture, higher developer productivity through shift‑left practices, and more efficient cost and resource management.

British Gas

Paul Phillips

Head of Software Assurance and Integration