DIG IT AWARD FINALIST: CYBERSECURITY
Secure software is the best defense
By Karen Epper Hoffman
Oct 11, 2016
It’s no easy task to fend off the cybercriminals, hacktivists and powerful nation-states that would see breaching the Defense Department’s cyber defenses as a major coup.
Those hackers have learned to take advantage of vulnerabilities in software to exploit IT systems and access mission-critical data. But through its recent software assurance initiative, the Defense Information Systems Agency has found a better way to contend with potential vulnerabilities that can allow bad actors to break into DOD networks.
Working with Hewlett Packard Enterprise’s Fortify on Demand group, DISA’s Forge.mil Fortify for Forge (F3) program gives DOD users secure, rapid and cost-effective access to up-to-date software security assessment tools.
Forge.mil F3 is the first DOD program to deliver “software assurance as a service” without requiring software licenses or training in the tools used to manage the process. Instead, F3 follows a pay-as-you-go model: users have their code scanned for vulnerabilities, then discuss the findings and recommendations with a software assurance expert so they can quickly make the required changes to the code.
The program was based on feedback from DISA’s survey of its users. “Almost unanimously, users told [DISA] that they needed better security assessment tools and capabilities,” said John Farrell, Fortify specialist for advanced programs at Hewlett Packard Enterprise Security.
The new software assurance program has proved wildly popular, even beyond program developers’ expectations. As part of its launch plan for the F3 service, DISA scheduled a series of marketing presentations, handouts and webinars.
“Since they had no idea what kind of response might be expected, DISA scheduled the call for one hour and had a limited number of spaces available,” Farrell said. “Unexpectedly, the webinar was a big success, and all the connections into the webinar were taken.... A second webinar was held the following week with equally positive response.”
With F3, DISA has made it easy for Forge.mil users to rapidly and affordably deliver dependable software, services and systems.
Karen Epper Hoffman is a freelance writer based in the Seattle area.