NMCI launches prototype for app testing
- By Dawn S. Onley
- Aug 25, 2004
Contractor also is being tested as it checks software
The Navy will share savings with a vendor chosen to run NMCI's software testing lab, Capt. Chris Christopher says.
The Navy has started a prototype program to test software for compatibility with the Navy-Marine Corps Intranet.
Capt. Chris Christopher, deputy director for future operations, communications and business initiatives in the NMCI Office, said the Navy is working with Secure Software of McLean, Va., to run two-pronged prototype tests. The effort is aimed at determining whether specific applications create vulnerabilities and whether they work well under Microsoft Windows 2000 and XP.
'We need to understand what port the software uses,' Christopher said, explaining one way in which the testing assesses security vulnerabilities.
Such tests are critical, said John Viega, founder and chief technical officer for Secure Software.
'Designing the compliance program for application security for NMCI is unique, given its complexity and size. Even so, the need for application security tools within any organization or network environment is a given today'whether government agencies or Fortune 1,000 firms,' Viega said in a release.
The company is using its Code Security Evaluation and Information Assurance Review software to run the tests. Code Security provides an automated security review process for software in development. The Information Assurance Review identifies potential security issues within compiled code.Examiner examined
While Secure Software is conducting the tests, it also faces examination itself. The Navy and NMCI lead contractor EDS Corp. will determine if the service wants a full contract with Secure Software to run the automated processes from the Navy Product Evaluation Center. The center will be located at the Space and Naval Warfare IT Center in New Orleans.
'I think they have very exciting software and we're right now in the process of proving that it works,' Christopher said.
Christopher said the Navy and EDS also would consider hiring more than one company to perform the software vulnerability and compatibility tests. The Navy will share savings with a vendor chosen to run the lab, Christopher said.
NPEC should be up and running by the end of the year.
The Navy is also fine-tuning its plan for how to charge vendors for having their software tested for compatibility with NMCI.
Before the center opens, the Navy will publish on its site, at www.nmci.navy.mil
, the standards a product must meet to pass NMCI compatibility testing and the procedures for submitting software to the center. Vendor costs for the tests can run between $10,000 and $40,000 per application, Christopher said.
'We don't think the government should have to pay to say your software meets our security criteria,' Christopher explained.
Currently, if vendors want to present their software to run on NMCI, they have to contact EDS. Some vendors complained that the process wasn't fair, Christopher said, so the Navy will handle the incoming software apps at the New Orleans center.
The $8.82 billion NMCI project will consolidate 200 systems and eventually have more than 360,000 users on its integrated voice, video and data portal.