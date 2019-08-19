NEW YORK--(BUSINESS WIRE)--Checkmarx, the global leader in software security solutions for DevOps, has been awarded a contract with the U.S. Navy’s Naval Information Warfare Center Pacific to accelerate the development and delivery of secure software applications. Following a competitive evaluation process, Naval Information Warfare Center Pacific (NIWC PAC) selected Checkmarx due to the solution’s ability to fully support a DevSecOps culture through quickly and incrementally scanning software source code from its inception to deployment.

Through the implementation of its industry-leading software composition analysis (CxOSA) and static application security testing (CxSAST) solutions, Checkmarx will help to measurably improve software security during the continuous integration (CI) and continuous delivery (CD) pipeline for the Naval Information Warfare Center – Pacific and Naval Research and Development Establishment (NRDE) ecosystem. Using Checkmarx, more than 5,000 Navy developers and contractors now have the ability to identify, triage and remediate security vulnerabilities in their software applications throughout the software development life cycle.

Traditionally, organizations across the U.S. Department of Defense have grappled with time constraints when developing new software applications. Every federal application in development has to undergo an Authority to Operate (ATO) approval process, which historically caused delays of 18-24 months when deploying a new application.

To address this obstacle, the U.S. Navy recently released a NAVADMIN message mandating adoption of Compile to Combat in 24 Hours (C2C24), a program designed to improve operational efficiency by scaling up the ability to deliver software at the speed of relevance. Through Checkmarx’s integration into the C2C24 program, the U.S. Navy benefits from its contracted developers using the same set of testing tools to harden its CI/CD pipeline and release more secure software faster.

“The stark reality is that it takes an adversary less than 24 hours to weaponize an exploit that targets a newly discovered vulnerability in a deployed application. In order to properly combat against these evolving threats, speed, along with accuracy and security, is critical when developing government software applications,” said Rich Wajsgras, Vice President of US Federal, Checkmarx. “We’re proud to be working closely with NIWC PAC and integrating into its already impactful C2C24 program. Together, we’ll pave the way to faster, more-secure application development while influencing the entire U.S. government sector.”

The U.S. Navy will benefit from CxOSA combined with CxSAST as part of the Checkmarx Software Security Platform, improving overall software security posture while reducing total cost of ownership. The Checkmarx platform tightly integrates SAST, SCA, IAST and developer training via a unified management and orchestration layer to mitigate risk across the entire software development life cycle.

