NEW YORK – August 19, 2019 – Checkmarx, the global leader in software security solutions for DevOps, has been awarded a contract with the U.S. Navy’s Naval Information Warfare Center Pacific to accelerate the development and delivery of secure software applications. Following a competitive evaluation process, Naval Information Warfare Center Pacific (NIWC PAC) selected Checkmarx due to the solution’s ability to fully support a DevSecOps culture through quickly and incrementally scanning software source code from its inception to deployment.
Through the implementation of its industry-leading software composition analysis (CxOSA) and static application security testing (CxSAST) solutions, Checkmarx will help to measurably improve software security during the continuous integration (CI) and continuous delivery (CD) pipeline for the Naval Information Warfare Center – Pacific and Naval Research and Development Establishment (NRDE) ecosystem. Using Checkmarx, more than 5,000 Navy developers and contractors now have the ability to identify, triage and remediate security vulnerabilities in their software applications throughout the software development life cycle.
Traditionally, organizations across the U.S. Department of Defense have grappled with time constraints when developing new software applications. Every federal application in development has to undergo an Authority to Operate (ATO) approval process, which historically caused delays of 18-24 months when deploying a new application.
To address this obstacle, the U.S. Navy recently released a NAVADMIN message mandating adoption of Compile to Combat in 24 Hours (C2C24), a program designed to improve operational efficiency by scaling up the ability to deliver software at the speed of relevance. Through Checkmarx’s integration into the C2C24 program, the U.S. Navy benefits from its contracted developers using the same set of testing tools to harden its CI/CD pipeline and release more secure software faster.