Strategic partnership will speed up the process of making new naval applications available from 24 months to 24 hours, while strengthening software security within C2C24 program
NEW YORK – August 19, 2019 – Checkmarx, the global leader in software security solutions for DevOps, has been awarded a contract with the U.S. Navy’s Naval Information Warfare Center Pacific to accelerate the development and delivery of secure software applications. Following a competitive evaluation process, Naval Information Warfare Center Pacific (NIWC PAC) selected Checkmarx due to the solution’s ability to fully support a DevSecOps culture through quickly and incrementally scanning software source code from its inception to deployment.
Through the implementation of its industry-leading software composition analysis (CxOSA) and static application security testing (CxSAST) solutions, Checkmarx will help to measurably improve software security during the continuous integration (CI) and continuous delivery (CD) pipeline for the Naval Information Warfare Center – Pacific and Naval Research and Development Establishment (NRDE) ecosystem. Using Checkmarx, more than 5,000 Navy developers and contractors now have the ability to identify, triage and remediate security vulnerabilities in their software applications throughout the software development life cycle.
Traditionally, organizations across the U.S. Department of Defense have grappled with time constraints when developing new software applications. Every federal application in development has to undergo an Authority to Operate (ATO) approval process, which historically caused delays of 18-24 months when deploying a new application.
To address this obstacle, the U.S. Navy recently released a NAVADMIN message mandating adoption of Compile to Combat in 24 Hours (C2C24), a program designed to improve operational efficiency by scaling up the ability to deliver software at the speed of relevance. Through Checkmarx’s integration into the C2C24 program, the U.S. Navy benefits from its contracted developers using the same set of testing tools to harden its CI/CD pipeline and release more secure software faster.
“The stark reality is that it takes an adversary less than 24 hours to weaponize an exploit that targets a newly discovered vulnerability in a deployed application. In order to properly combat against these evolving threats, speed, along with accuracy and security, is critical when developing government software applications,” said Rich Wajsgras, Vice President of US Federal, Checkmarx. “We’re proud to be working closely with NIWC PAC and integrating into its already impactful C2C24 program. Together, we’ll pave the way to faster, more-secure application development while influencing the entire U.S. government sector.”
The U.S. Navy will benefit from CxOSA combined with CxSAST as part of the Checkmarx Software Security Platform, improving overall software security posture while reducing total cost of ownership. The Checkmarx platform tightly integrates SAST, SCA, IAST and developer training via a unified management and orchestration layer to mitigate risk across the entire software development life cycle.
For more information on CxOSA and CxSAST, request a free demo of the Checkmarx Software Security Platform today.
Checkmarx is the global leader in software security solutions for modern enterprise software development. Checkmarx delivers the industry’s most comprehensive Software Security Platform that unifies with DevOps and provides static and interactive application security testing, software composition analysis and developer AppSec training to reduce and remediate risk from software vulnerabilities. Checkmarx is trusted by more than 40 percent of the Fortune 100 and half of the Fortune 50, including leading organizations such as SAP, Samsung and Salesforce.com. Learn more at www.checkmarx.com.
InkHouse for Checkmarx