The U.S. agency client develops mission critical software for the U.S. military. As with any software developed for national security purposes, it is imperative to minimize the risk of this software getting hacked by cyber adversaries. Given that most cyber-attacks on software target known vulnerabilities—especially within open source and third-party applications and libraries, as well as bundled executables—these vulnerabilities represent the primary means through which a cyber adversary will seek to compromise an organization’s data and systems.
Over time, most software will be infiltrated by known vulnerabilities. The Agency knew they had to minimize the possibility of cyber adversaries attacking mission critical systems through software vulnerabilities.
It often takes months, and sometimes years, for IT staff to fix new, critical vulnerabilities found within software. In addition, there may be times at which developers release new software versions that inadvertently contain vulnerabilities. Over time, the likelihood of documented vulnerabilities residing within deployed software is nearly certain. Even the best-managed software development teams can lose sight of the vulnerabilities that are discovered daily, making the prompt detection and remediation of known vulnerabilities of paramount importance because they are the means attackers use to target mission systems.
The Agency contracted with Assured Enterprises for a detailed evaluation of AssuredScanDKV®, a deep software scanning tool described as being able to perform these very functions.
Copyright © 2017