Secure software is the best defense

DIG IT AWARD FINALIST: CYBERSECURITY

Secure software is the best defense

It’s no easy task to fend off the cybercriminals, hacktivists and powerful nation-states that would see breaching the Defense Department’s cyber defenses as a major coup.

Dig IT Award Finalists

The GCN Dig IT Awards celebrate discovery and innovation in government IT.

There are 36 finalists this year. Each will be profiled in the coming days, and the winners for each category will be announced at the Oct. 13 Dig IT Awards gala.

See the full list of 2016 Dig IT Award Finalists

Those hackers have learned to take advantage of vulnerabilities in software to exploit IT systems and access mission-critical data. But through its recent software assurance initiative, the Defense Information Systems Agency has found a better way to contend with potential vulnerabilities that can allow bad actors to break into DOD networks.

Working with Hewlett Packard Enterprise’s Fortify on Demand group, DISA’s Forge.mil Fortify for Forge (F3) program gives DOD users secure, rapid and cost-effective access to up-to-date software security assessment tools.  

Forge.mil F3 is the first DOD program to deliver “software assurance as a service” without requiring software licenses or training to use the tools to manage the process. Instead, F3 is a pay-as-you-go model where users can have their code scanned for vulnerabilities and then discuss the findings and recommendations with a software assurance expert so they can quickly make the required changes to the code.

The program was based on feedback from DISA’s survey of its users. “Almost unanimously, users told [DISA] that they needed better security assessment tools and capabilities,” said John Farrell, Fortify specialist for advanced programs at Hewlett Packard Enterprise Security.

The new software assurance program has proved wildly popular, even beyond program developers’ expectations. As part of its launch plan for the F3 service, DISA scheduled a series of marketing presentations, handouts and webinars.

“Since they had no idea what kind of response might be expected, DISA scheduled the call for one hour and had a limited number of spaces available,” Farrell said. “Unexpectedly, the webinar was a big success, and all the connections into the webinar were taken.... A second webinar was held the following week with equally positive response.”

With F3, DISA has made it easy for Forge.mil users to rapidly and affordably deliver dependable software, services and systems.

About the Author

Karen Epper Hoffman is a freelance writer based in the Seattle area.

inside gcn

  • digital license plate (Reviver)

    Sacramento drives digital license plate test

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group