Perhaps you have been in this situation before:

You’re a CIO/VP IT/IT manager and you’re preparing to implement a packaged business application – for example a new CRM system. Something in the back of your mind says that the vendor’s development organization is probably not a lot different than yours (although you hope they’ve thought through the security issues first). What should you do?

• First inspect and penetration-test the system using black-box testing.
• Then, using white-box testing – assess infrastructure components, database interfaces and Web applications for vulnerabilities using our Legacy Risk Analysis Loop technique.
• We will help you identify fault-prone modules in your particular operation and evaluate those modules with the most impact on system reliability and downtime.
• We can go in and perform an onsite audit of the vendor secure software development practices during your RFP/RFI/pre-purchase stages.

This process helps give your organization a much better picture of software defects  before you send the vendor the purchase order. Our Web collaboration tool supports continuous risk analysis and management with two main applications: a knowledge base and issue tracker:

The database of standard CVSS scores for components and CLASP problem types classifications is always available for the entire organization. Users can add new entities and modify scores as the business environment changes. By using an  issue tracker you can see a:

• A consistent thread of requests, changes and open action items during the risk analysis process and in particular in the Validate findings step
• An Updated implementation status of countermeasures.
• Real-time status tracking where unlike email, issues cannot get lost or be ignored!

The CEO committed to shipping June 1, the VP engineering is under the gun, the programmers know they are cutting corners, your resellers are getting ready to jump ship to your latest competitor. Is it worth it, knowing that the cost of fixing a bug in production software is 100X the cost of fixing it during the implementation process?

How can you eliminate vulnerabilities in your software at the source?

We can help you:

* Eliminate those minor security releases that put a huge dent in your ship schedule and damage hard-earned customer equity.
* Proactively control vulnerabilities and create a disclosure process with your customers that makes security an asset not a liability.
* We can help you to improve your work practices in the software development life cycle by training and helping you build a team that can sustain quality.
o Learn how to reduce avoidable rework
o Learn how to reliably identify fault-prone modules in a company’s particular operation
o Learn how to identify modules with the most impact on system reliability and downtime
o Learn how to develop sustaining metrics for defect reduction
o Train your application programmers in best security practices and help them see themselves as part of an integrated company-wide commitment to quality software.
o Help your organization choose and implement disciplined practices such as Watts Humphrey’s PSP (Personal Software Process) and TSP (Team Software Process) that can have high ROI in defect reduction in new software development.