Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security

12/8/2020
10:30 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Checkmarx Delivers Containerized AppSec Solution to DoDs Platform One Application Portal

NEW YORK – December 8, 2020 – Checkmarx, the global leader in software security solutions for DevOps, today announced that it has been accepted into the U.S. Department of Defense’s (DoD) “Iron Bank” repository and is now available through the U.S. Air Force Platform One application portal. With this, Checkmarx furthers its commitment to supporting the public sector by making its automated application security testing (AST) solution available to all DoD agencies in the form of a hardened container, helping them to confidently build and release secure software while meeting the strict security and compliance requirements of the U.S. military.

A project of the U.S. Air Force designed to deliver the benefits of DevSecOps across the entire DoD, Platform One provides “Iron Bank,” a centralized artifacts repository, with a pre-approved collection of solutions that have undergone extensive auditing and approval steps to streamline Authority to Operate (ATO) processes. Checkmarx’s hardened container instance was developed in coordination with the DoD and has achieved a Certificate to Field (CtF) from the USAF Platform One team. This enables all DoD agencies and developers to easily acquire and integrate the Checkmarx solution into their DevOps environments and automatically insert security into the entire SDLC, while also avoiding lengthy ATO timelines. 

Notably, this expands Checkmarx’s long-standing partnership with the DoD, already supporting the U.S. Navy’s Naval Information Warfare Center Pacific (NIWC PAC) division and the U.S. Air Force Business & Enterprise Systems Directorate (USAF BES), among other agencies, in their DevSecOps initiatives. 

“As software becomes more complex, bringing with it a vast attack surface, the DoD has made it a priority to arm development teams with best-in-class solutions to build and deploy applications in a more secure manner,” said Nicolas Chaillan, Chief Software Officer and Co-Lead for the DoD Enterprise DevSecOps Initiative, U.S. Air Force. “Checkmarx has been a valued partner to the USAF and DoD for years and this latest step in bringing a hardened version of their solution to Iron Bank and Platform One will be invaluable as we execute on our mission to shift to a DevSecOps model across our entire branch.”  

Checkmarx offers automated solutions that simplify and speed up the process of security testing throughout software development. The company’s solutions integrate seamlessly with developer workflows and tools to quickly find and remediate vulnerabilities in both custom and open source code before software is released. Public sector agencies that leverage Checkmarx are able to integrate enterprise-grade security testing into their DevOps environments, while meeting compliance requirements for FISMA, NIST, and STIG, among others, and decreasing time to ATO. 

“The Iron Bank and Platform One synergy is a truly logical way of bringing the benefits of faster time-to-market and lower development costs to a complex enterprise like the DoD,” said Peter Archibald, Federal Systems Manager, Checkmarx. “The genius and simplicity of this approach lies within the hardened containers. This is a significant evolution in how the DoD is innovating secure development, and we’re thrilled to be a part of the movement as we elevate their approach to modern DevOps and software resiliency.” 

For more information about Checkmarx’s public sector practice, visit here

About Checkmarx 

Checkmarx is the global leader in software security solutions for modern enterprise software development. Checkmarx delivers the industry’s most comprehensive Software Security Platform that unifies with DevOps and provides static and interactive application security testing, software composition analysis, and developer AppSec awareness and training programs to reduce and remediate risk from software vulnerabilities. Checkmarx is trusted by more than 40 of the Fortune 100 companies and half of the Fortune 50, including leading organizations such as SAP, Samsung, and Salesforce.com. Learn more at www.checkmarx.com

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
How SolarWinds Busted Up Our Assumptions About Code Signing
Dr. Jethro Beekman, Technical Director,  3/3/2021
News
'ObliqueRAT' Now Hides Behind Images on Compromised Websites
Jai Vijayan, Contributing Writer,  3/2/2021
News
Attackers Turn Struggling Software Projects Into Trojan Horses
Robert Lemos, Contributing Writer,  2/26/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21510
PUBLISHED: 2021-03-08
Dell iDRAC8 versions prior to 2.75.100.75 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary ‘Host’ header values to poison a web-cache or trigger redirections.
CVE-2020-27575
PUBLISHED: 2021-03-08
Maxum Rumpus 8.2.13 and 8.2.14 is affected by a command injection vulnerability. The web administration contains functionality in which administrators are able to manage users. The edit users form contains a parameter vulnerable to command injection due to insufficient validation.
CVE-2020-27576
PUBLISHED: 2021-03-08
Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site scripting (XSS). Users are able to create folders in the web application. The folder name is insufficiently validated resulting in a stored cross-site scripting vulnerability.
CVE-2020-27838
PUBLISHED: 2021-03-08
A flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threat from this vulner...
CVE-2021-21503
PUBLISHED: 2021-03-08
PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sanitization issue in a command. The Compadmin user could potentially exploit this vulnerability, leading to potential privileges escalation.