Wednesday, September 2, 2009

Seeking Compliance & Facing Enormous Upgrade, the U.S. General Services Administration Embarks on Path to Eradicate Vulnerabilities

The General Services Administration (GSA) is an independent agency of the United States government, which supports the mission of other federal agencies by providing workplaces, solutions, acquisition services and management policies.

When the GSA decided to eradicate vulnerabilities before rolling out a major update of a distributed ERP application, they set out to find a solution that would support them in ensuring that the applications were secure from the inside out.

In seeking to comply with FISMA requirements as well as NIST and GAO policies, the GSA realized that they needed a solution that could scale both to proactively address growing application security compliance concerns and to perform rapid analysis of immense volumes of code, all designed to protect private data.


The Ounce Labs solution allows the GSA to effectively address key data privacy protection objectives and standards. Out of the box, Ounce's unique software risk analysis capabilities enabled Certification and Accreditation professionals to rapidly analyze applications with multiple millions of lines of code and to have access to the latest relevant vulnerability and remediation information, right at their fingertips. Their developers, meanwhile, found that they could accurately pinpoint vulnerabilities right to the line of code and remediate those flaws in a fraction of the time it would have taken otherwise.

With the size and complexity of today's enterprise applications, it is seldom feasible to rely solely on manual methods to effectively identify and remediate vulnerabilities. The GSA is now leveraging Ounce Labs' unique capabilities for efficiently and accurately scanning and reporting on their large-scale applications.