Under contract to the Department of Homeland Security, a research team at Secure Decisions is working on methods to reduce or remediate software vulnerabilities introduced when software is built.
Northport, NY February 16, 2010 “Software is a mature discipline, yet more than 98 percent of all PCs have one or more vulnerable programs, and in the US there are 2.7 billion programs open for attack.” That was the startling fact cited by Secure Decisions in their proposal for a recently awarded project with the Department of Homeland Security’s Science and Technology Directorate. Secure Decisions, a division of Applied Visions, has been awarded the first phase of the DHS research contract under the Small Business Innovation Research (SBIR) program. The project addresses the problem of vulnerabilities in software systems that can be exploited to attack information systems. Some of these vulnerabilities are found as part of systems development and testing, but most are not identified until systems are deployed – when these software vulnerabilities jeopardize the security of other information systems. DHS recognizes the need for more rigorous and routine software testing and vulnerability analysis to identify and remediate security weaknesses before systems are deployed into critical environments where those vulnerabilities can be exploited. According to Principal Investigator Dr. John Goodall, an expert in visual analysis at the company, “no single Software Assurance tool is likely to identify all vulnerabilities.” Instead, the project aims to leverage existing tools by providing a framework for linking disparate testing and vulnerability analysis tools. He believes his team can develop a visual analysis platform that embeds a mechanism for feedback from human analysis into automated analysis. Secure Decisions’ solution will provide tools for use in the software development and engineering lifecycle (SDLC) to improve the security and reliability of software used in the nation’s critical infrastructure. The work leverages the company’s other advanced technology in security visualization, such as VIAssist, data fusion, and iTVO software visualization.
About the Small Business Innovation Research (SBIR) Programs
Established in 1982 by the Small Business Innovation Development Act, the SBIR program allocates a percentage of Federal agencies’ extramural research and development spending for grants to U.S. small businesses. Grants are awarded in phases as research progresses and results are demonstrated, culminating in development of working prototypes with commercial potential. The SBIR program goals are to: stimulate technological innovation; use small business to meet federal research and development (R&D) needs; foster and encourage participation by minorities and disadvantaged persons in technological innovation; and increase private-sector commercialization innovations derived from federal R&D.
About Secure Decisions and Applied Visions
The Secure Decisions division of Applied Visions, Inc. (AVI) focuses on research and development in areas related to national security including information assurance, infrastructure protection, cyber security, and intelligence analysis. Secure Decisions provides decision-makers with tools to analyze massive amounts of data for more accurate and timely decisions; MeerCAT®, SecureScope™ and VIAssist™ visualization products are tools developed for analysis of cyber security data. Contact Secure Decisions for more information. AVI’s iTVO system integrates static and dynamic views of software. For more information, contact Applied Visions.