Government Agencies Gain Quick Access to Secure Software's 'Automated Application Security'
Proven Technology Available for "Finding and Eliminating Software Vulnerabilities" Before They Result in Catastrophic Problems
MCLEAN, Va.--(BUSINESS WIRE)--July 27, 2004-- Secure Software, which provides business and government with automated solutions for application security announces the availability of its products and services to government agencies through the GSA schedule contract. Federal, state, and local agencies now have expedited access to two key offerings that identify, classify and eliminate the security flaws in "off-the-shelf" and "in-development" software. Secure Software's Code Security Evaluation(TM) (CSE) and Information Assurance Review(TM) (IAR) are available on GSA schedule contract number GS-35F-0330J through its government business partner, immixTechnology.
Hacking, breaches, and vulnerabilities in software applications are creating major financial losses and catastrophic risks throughout the US economy, with increased calls by commercial industry and government to address the deficiencies in software development and security architecture. The problem, currently estimated to cost businesses and consumers in the U.S. alone over $60 billion annually, is demanding technologies that can better review and remediate the code flaws embedded in millions of lines of software.
Secure Software is currently providing the Department of Navy with prototype tools that analyze the security compliance of candidate software applications for the "Navy-Marine Corps Intranet" (NMCI). Second in size only to the Internet, NMCI is the military's $6.9 billion contract to consolidate 200 separate networks and 350,000 desktop computers, making it the largest intranet in the world. Secure Software is working with the Department of Navy Product Evaluation Center (NPEC) to check the compliance of key applications against established network standards. (for more information go to http://www.securesoftware.com/news_20040722.htm)
Secure Software's two technology products on the GSA schedule include:
Code Security Evaluation(TM) (CSE) offers organizations an automated, accurate and repeatable security review process for software in development, or for meeting compliance and third-party security review requirements. By providing a detailed evaluation of the binary form or source code of an application, the Code Security Evaluation reports, explains, and prioritizes vulnerabilities in the architecture, design, and implementation of applications. Having this technology will allow government agencies and their contractors to uncover and remove the code flaws and risks from insecure applications, preventing catastrophic software breaches.
Information Assurance Review(TM) (IAR) provides a targeted report designed specifically for Information Technology and Enterprise Architecture decision-makers concerned about Application Security, using the same techniques and expert tools as the in-depth Code Security Evaluation(TM).
The Information Assurance Review identifies potential security issues within compiled code - or "off the shelf" software applications, providing the insight and guidance to make smart deployment or purchasing decisions.
The IAR report describes potential areas of vulnerability and assesses the code quality level. In addition, information helpful to IT and EA staff is gathered, including: inbound and outbound network communications behavior; files the application will normally access; Windows registry access; and interactions with operating system security features.
"With security at the forefront of government IT requirements, application security is one of the critical areas they are addressing today," said Art Richer, Vice President, immixTechnology. "Secure Software's automated process of discovering and analyzing security risks in software applications will allow the Government to efficiently and accurately eliminate vulnerabilities at the application-level."
About Secure Software
Secure Software provides application-security technology that helps organizations cost-effectively eliminate security problems at the source - insecure software code - in legacy, acquired, and new-start applications. Secure Software's approach combines third-generation automated discovery and vulnerability analysis technology with an automated process that guides organizations in prioritizing, fixing and regulating software code.
Secure Software was founded in 2001 by industry expert John Viega, author of the renowned resource book Building Secure Software (and more than 80 technical papers). The company's technology has been field-tested in dozens of client assignments since 2001, including the world's largest intranet (U.S. Navy-Marine Corps Intranet).
Based in McLean, VA, Secure Software recently received $5.25 million of Series A funding by Charles River Ventures and Valhalla Partners. The company sells its solutions to large government agencies and utilities, financial institutions, healthcare organizations and independent software vendors. For more information visit: www.securesoftware.com.
About immixTechnology
immixTechnology, a subsidiary of the immixGroup, partners with select complex technology companies in selling their products and services in the public sector. immixTechnology manages the complexity of doing business in the government by providing contract management and business development support through its unique partner investment program. In addition to Secure Software, immixTechnology has established partnerships with other leading complex technology manufacturers. For more information visit http://www.immixtechnology.com.
Contacts
Secure Software, McLean
by
DCPR
Joel Greenberg, 202-363-1065
joel@dcpr.com
[ Comment, Edit or Article Submission ]
