Case Study: British Gas achieves improved application security and reduced costs with OpenText Fortify on Demand

Cloud-based managed security testing improves security and efficiency and reduces cost

Centrica/British Gas, the UK utility serving about 12 million homes, needed to strengthen application security as its digital and mobile channels grew and its SAP‑centric development footprint expanded. With rising regulatory pressure and a drive to contain costs via service‑based delivery, the software assurance team sought governance and tooling to identify and remediate vulnerabilities early across internal and third‑party code.

They implemented Micro Focus Fortify on Demand for static and dynamic scanning, embedding scans from unit test through release and requiring audits of outsourced code while delivering developer education. The SaaS approach now covers roughly 90–95% of business‑critical systems, enabling a “shift‑left” reduction in vulnerability volume and severity, improved compliance and developer productivity, and lower cost and schedule impact as part of British Gas’s change plan.

British Gas

Paul Phillips

Head of Software Assurance and Integration