ThreadFix integration into DevOps tool chain reduces time in the software accreditation process
SAN ANTONIO--(BUSINESS WIRE)--Denim Group, the leading independent application security firm, today announced that it has been awarded a Phase 1 Small Business Innovative Research (SBIR) contract to accelerate distributed software delivery to Air Force operators. The Air Force will implement Denim Group’s vulnerability resolution platform, ThreadFix, to integrate DevSecOps functions to software builds and deployments that will enable the operators to adapt to missions in real time and support continuous accreditation processes like Authority to Operate (ATO).
“The award of this contract is an acknowledgement by the Department of Defense and the Air Force of the need to accelerate the software support of impending missions and of the requirement to build software more rapidly,” said Denim Group Principal and former Air Force cyber officer John Dickson. “Pressures to rapidly build and deploy software drive the need to deliver new capabilities through DevSecOps pipelines. As an added complication, each piece of software delivered must achieve ATO prior to its implementation, a process that can take months, or years, to ensure it will not compromise national security.”
ThreadFix has been used by defense and intelligence organizations for the past three years as a component of their toolchains to automate capability development. It has also been implemented into the Risk Management Framework (RMF) Assessment and Authorization (A&A) processes for updating or creating applications. Having ThreadFix integrated into the DevOps tool chain will help avoid delays in accreditation that can last 12 to 24 months. These streamlined operations will reduce ATO approval processes for agencies to assure mission capabilities are deployed to respond to conflict at any time, or location.
Under the awarded AFWERX SBIR contract, capabilities will be added to ThreadFix to support Air Force software factories and programs that perform DevSecOps functions for operators. During the first three months of the contract Denim Group will work with various innovative Air Force programs, including Platform One and Unified Platform, to drive continuous software delivery, feedback and learning. The need to inject agility and responsiveness into environments that have traditionally struggled to keep pace with modern development approaches will only continue to increase in the coming decade. Denim Group is poised to support this evolution.
The Air Force Research Laboratory (AFRL) and Air Force AFWERX partnered to streamline the SBIR process in an attempt to speed up the experience, broaden the pool of potential applicants and decrease bureaucratic overhead. Beginning in SBIR 18.2, and now in 19.3, the Air Force has begun offering 'Special' SBIR topics that are faster, leaner and open to a broader range of innovations.
For additional information about SBIR please see the Airmen Guide to SBIR please click here.
On Tuesday, Jan. 28 at 10:00amCT, John Dickson and Dan Cornell will be hosting a webinar titled, Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial Insights to the DoD. To register, please click here.
About Denim Group
Denim Group is the leading independent application security firm, serving as a trusted advisor to customers on matters of application risk and security. The company helps organizations assess and mitigate application security risk. Denim Group’s flagship ThreadFix platform accelerates the process of application vulnerability remediation, reflecting the company’s rich understanding of what it takes to fix application vulnerabilities faster.
Kate D. Shapiro