Checkmarx Wins US Navy Contract to Accelerate Application Development
IsraelDefense
| 21/08/2019
U.S. Navy photo by Mass Communication Specialist 2nd Class Cameron Stoner - https://www.navy.mil/view_image.asp?id=294709
Checkmarx, a provider of software security solutions for DevOps, has been awarded a contract with the US Navy’s Naval Information Warfare Center Pacific (NIWC PAC) to accelerate the development and delivery of secure software applications. NIWC PAC selected Checkmarx on the basis of its ability to fully support a DevSecOps culture through quickly and incrementally scanning software source code from its inception to deployment, the company said in a release.
Through the implementation of its industry-leading software composition analysis (CxOSA) and static application security testing (CxSAST) solutions, Checkmarx will help to measurably improve software security during the continuous integration (CI) and continuous delivery (CD) pipeline for the Naval Information Warfare Center – Pacific and Naval Research and Development Establishment (NRDE) ecosystem. Using Checkmarx, more than 5,000 Navy developers and contractors now have the ability to identify, triage, and remediate security vulnerabilities in their software applications throughout the software development life cycle.
Traditionally, organizations across the US Department of Defense have grappled with time constraints when developing new software applications. Every federal application in development has to undergo an Authority to Operate (ATO) approval process, which historically caused delays of 18-24 months when deploying a new application.
To address this obstacle, the US Navy recently released a NAVADMIN message mandating adoption of Compile to Combat in 24 Hours (C2C24), a program designed to improve operational efficiency by scaling up the ability to deliver software at the speed of relevance. Through the integration of Checkmarx’s solutions into the C2C24 program, the US Navy benefits from its contracted developers using the same set of testing tools to harden its CI/CD pipeline and release more secure software faster, the company said.
“The stark reality is that it takes an adversary less than 24 hours to weaponize an exploit that targets a newly discovered vulnerability in a deployed application. In order to properly combat against these evolving threats, speed, along with accuracy and security, is critical when developing government software applications,” said Rich Wajsgras, Vice President of US Federal at Checkmarx. “We’re proud to be working closely with NIWC PAC and integrating into its already impactful C2C24 program. Together, we’ll pave the way to faster, more-secure application development while influencing the entire US government sector.”
The US Navy will benefit from Checkmarx’s Software Security Platform, improving overall software security posture while reducing total cost of ownership, the company said. The Checkmarx platform integrates SAST, SCA, IAST and developer training via a unified management and orchestration layer to mitigate risk across the entire software development life cycle.
U.S. Navy photo by Mass Communication Specialist 2nd Class Cameron Stoner - https://www.navy.mil/view_image.asp?id=294709
Checkmarx, a provider of software security solutions for DevOps, has been awarded a contract with the US Navy’s Naval Information Warfare Center Pacific (NIWC PAC) to accelerate the development and delivery of secure software applications. NIWC PAC selected Checkmarx on the basis of its ability to fully support a DevSecOps culture through quickly and incrementally scanning software source code from its inception to deployment, the company said in a release.
Through the implementation of its industry-leading software composition analysis (CxOSA) and static application security testing (CxSAST) solutions, Checkmarx will help to measurably improve software security during the continuous integration (CI) and continuous delivery (CD) pipeline for the Naval Information Warfare Center – Pacific and Naval Research and Development Establishment (NRDE) ecosystem. Using Checkmarx, more than 5,000 Navy developers and contractors now have the ability to identify, triage, and remediate security vulnerabilities in their software applications throughout the software development life cycle.
Traditionally, organizations across the US Department of Defense have grappled with time constraints when developing new software applications. Every federal application in development has to undergo an Authority to Operate (ATO) approval process, which historically caused delays of 18-24 months when deploying a new application.
To address this obstacle, the US Navy recently released a NAVADMIN message mandating adoption of Compile to Combat in 24 Hours (C2C24), a program designed to improve operational efficiency by scaling up the ability to deliver software at the speed of relevance. Through the integration of Checkmarx’s solutions into the C2C24 program, the US Navy benefits from its contracted developers using the same set of testing tools to harden its CI/CD pipeline and release more secure software faster, the company said.
“The stark reality is that it takes an adversary less than 24 hours to weaponize an exploit that targets a newly discovered vulnerability in a deployed application. In order to properly combat against these evolving threats, speed, along with accuracy and security, is critical when developing government software applications,” said Rich Wajsgras, Vice President of US Federal at Checkmarx. “We’re proud to be working closely with NIWC PAC and integrating into its already impactful C2C24 program. Together, we’ll pave the way to faster, more-secure application development while influencing the entire US government sector.”
The US Navy will benefit from Checkmarx’s Software Security Platform, improving overall software security posture while reducing total cost of ownership, the company said. The Checkmarx platform integrates SAST, SCA, IAST and developer training via a unified management and orchestration layer to mitigate risk across the entire software development life cycle.
