Software Security Assurance
As a specialist in the information security industry, Veris Group recognizes the importance of the National Institute for Standards and Technology (NIST) 2011 finding that more than 92% of current exploitable vulnerabilities are in software. The impact of an attack can range from disruption of regular productivity to serious breach of sensitive data. While perimeter security is important, the traditional methodology used to prevent those breaches will not sufficiently address security risks at all phases of the Systems Development Lifecycle (SDLC). Instead, Veris Group offers our customers our proven solution based on NIST Guidance and the Software Assurance Maturity Model (SAMM). SAMM from OpenSAMM is a supported Open Web Application Security Project (OWASP) initiative.
Veris Group’s Software Security Assurance Framework (SSAF) is a systematic process for ensuring that an organization’s software can be developed and operated as secure. Our comprehensive approach using Software Security Assurance Framework addresses security risks at all phases of the SDLC for in-house development, outsourced projects, third-party commercial applications, and open source projects. Veris Group SSAF professionals infuse secure development and testing practices for creating new code and addressing the weaknesses already present in deployed applications.
Our SSAF services, available both during software development and for existing applications, include:
- Policy development
- Training
- Technology tools
- Vendor management
- Compliance
- Progress and accountability tracking metrics
Veris Group’s team of software security assurance engineers has extensive experience in Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST). Whether the application is a commercial off-the-shelf (COTS) offering, a mobile device application, or an in-house product, Veris Group’s SSAF detects intentional and unintentional vulnerabilities and analyzes the impact of their exploitation. Serving such organizations as the Social Security Administration (SSA) and the Military Health System (MHS), we provide consistent SSAF analysis and effective solutions. Careful analysis of these important software systems’ vulnerability scans helps us keep their information secure.
Veris Group employs the whole lifecycle process model based on the strongest risk management concepts from the NIST Guidance and the SAMM. The Veris Group SSAF allows our customers to worry less about buying discrete security widgets as they install efficient, proactive, systematic solutions to help them reach their overarching continuously secure software lifecycle goals.




