Press Release

National Cyber Security Task Force Report Incorporates Cigital Best Practices for Building Secure Software

Company Endorses Recommendations for "Full-Lifecycle" Approach to Security

DULLES, Va., April 02, 2004—Cigital, Inc. today announced that a National Cyber Security Partnership (NCSP) task force incorporated the company's best practices in a just-released report on improving software security. Cigital is a leading provider of solutions that drive down the cost of building and deploying quality software.

In a 123-page report to the U.S. Department of Homeland Security, the NCSP task force—a group of security technology experts, academics, and business and government officials—issued preliminary recommendations for improving software security by addressing security throughout all phases of the software development lifecycle.

Among the key recommendations:

  • Awareness & Education: Improving the education of current and future software developers.
  • Process Improvement: Adopting software development practices that can measurably reduce software specification, design and implementation defects.
  • Redesign of Flawed Systems: Encouraging software producers to recognize systems with unacceptable architectures and designs and re-architect and redesign them with proper characteristics for security, using quality software development processes.
  • Security Best Practices: Interleaving security best practices throughout the software design process.

Cigital Chief Technology Officer Dr. Gary McGraw is a member of the NCSP task force's software process subgroup and served as a co-author of the Processes to Produce Secure Software report. "Software security is a serious problem of national significance that deserves serious treatment by software professionals," said McGraw, whose two books Building Secure Software (2001) and Exploiting Software (2004) have helped to define the software security space. "We've been saying for over ten years that security must be built into software from the earliest design stages and assessed thoroughly throughout the development lifecycle. Security is not a set of features that can be sprinkled on to a finished software product like so much magic crypto fairy dust. It's gratifying to interact with a group of highly respected software experts and all come to agree that software builders should adhere to software security best practices—particularly when those best practices were created and refined at Cigital."

The best practices report can be downloaded at http://www.cigital.com/papers/download/secure_software_process.pdf.

The NCSP is a public-private partnership that organized the National Cyber Security Summit to develop shared strategies and programs to better secure and enhance America's critical information infrastructure. For more information, visit http://www.cyberpartnership.org.

About Cigital

Cigital helps commercial and government clients assure software quality and improve software development processes. Our Software Quality Management (SQM) solutions drive down the cost of building and deploying quality software and ensuring software reliability, security and performance. Cigital's expert consultants measure software quality by combining proprietary methodologies, tools and knowledge to perform full-lifecycle testing via a risk management framework. These metrics are used to drive application readiness decisions and identify the most cost-effective areas for software process improvement. Founded in 1992, Cigital (www.cigital.com) is headquartered in Northern Virginia with additional offices in Boston.

Contact:
Terri Randolph
Cigital
703-404-5757
trandolph@cigital.com

Cigital is a trademark of Cigital, Inc.