Secure software is the best defense


It’s no easy task to fend off the cybercriminals, hacktivists and powerful nation-states that would see breaching the Defense Department’s cyber defenses as a major coup.

Dig IT Award Finalists

The GCN Dig IT Awards celebrate discovery and innovation in government IT.

There are 36 finalists this year. Each will be profiled in the coming days, and the winners for each category will be announced at the Oct. 13 Dig IT Awards gala.

See the full list of 2016 Dig IT Award Finalists

Those hackers have learned to take advantage of vulnerabilities in software to exploit IT systems and access mission-critical data. But through its recent software assurance initiative, the Defense Information Systems Agency has found a better way to contend with potential vulnerabilities that can allow bad actors to break into DOD networks.

Working with Hewlett Packard Enterprise’s Fortify on Demand group, DISA’s Fortify for Forge (F3) program gives DOD users secure, rapid and cost-effective access to up-to-date software security assessment tools. F3 is the first DOD program to deliver “software assurance as a service” without requiring software licenses or training to use the tools to manage the process. Instead, F3 is a pay-as-you-go model where users can have their code scanned for vulnerabilities and then discuss the findings and recommendations with a software assurance expert so they can quickly make the required changes to the code.

The program was based on feedback from DISA’s survey of its users. “Almost unanimously, users told [DISA] that they needed better security assessment tools and capabilities,” said John Farrell, Fortify specialist for advanced programs at Hewlett Packard Enterprise Security.

The new software assurance program has proved wildly popular, even beyond program developers’ expectations. As part of its launch plan for the F3 service, DISA scheduled a series of marketing presentations, handouts and webinars.

“Since they had no idea what kind of response might be expected, DISA scheduled the call for one hour and had a limited number of spaces available,” Farrell said. “Unexpectedly, the webinar was a big success, and all the connections into the webinar were taken.... A second webinar was held the following week with equally positive response.”

With F3, DISA has made it easy for users to rapidly and affordably deliver dependable software, services and systems.

About the Author

Karen Epper Hoffman is a freelance writer based in the Seattle area.

