Latest News Releases

The U.S. Navy’s NIWC Pacific Selects Checkmarx to Accelerate Application Development, Bolstering Nation’s Security Posture Against Adversaries

Strategic partnership will speed up the process of making new naval applications available from 24 months to 24 hours, while strengthening software security within C2C24 program

NEW YORK – August 19, 2019Checkmarx, the global leader in software security solutions for DevOps, has been awarded a contract with the U.S. Navy’s Naval Information Warfare Center Pacific to accelerate the development and delivery of secure software applications. Following a competitive evaluation process, Naval Information Warfare Center Pacific (NIWC PAC) selected Checkmarx due to the solution’s ability to fully support a DevSecOps culture through quickly and incrementally scanning software source code from its inception to deployment.

Through the implementation of its industry-leading software composition analysis (CxOSA) and static application security testing (CxSAST) solutions, Checkmarx will help to measurably improve software security during the continuous integration (CI) and continuous delivery (CD) pipeline for the Naval Information Warfare Center – Pacific and Naval Research and Development Establishment (NRDE) ecosystem. Using Checkmarx, more than 5,000 Navy developers and contractors now have the ability to identify, triage and remediate security vulnerabilities in their software applications throughout the software development life cycle.

Traditionally, organizations across the U.S. Department of Defense have grappled with time constraints when developing new software applications. Every federal application in development has to undergo an Authority to Operate (ATO) approval process, which historically caused delays of 18-24 months when deploying a new application.

To address this obstacle, the U.S. Navy recently released a NAVADMIN message mandating adoption of Compile to Combat in 24 Hours (C2C24), a program designed to improve operational efficiency by scaling up the ability to deliver software at the speed of relevance. Through Checkmarx’s integration into the C2C24 program, the U.S. Navy benefits from its contracted developers using the same set of testing tools to harden its CI/CD pipeline and release more secure software faster.

“The stark reality is that it takes an adversary less than 24 hours to weaponize an exploit that targets a newly discovered vulnerability in a deployed application. In order to properly combat against these evolving threats, speed, along with accuracy and security, is critical when developing government software applications,” said Rich Wajsgras, Vice President of US Federal, Checkmarx. “We’re proud to be working closely with NIWC PAC and integrating into its already impactful C2C24 program. Together, we’ll pave the way to faster, more-secure application development while influencing the entire U.S. government sector.”

The U.S. Navy will benefit from CxOSA combined with CxSAST as part of the Checkmarx Software Security Platform, improving overall software security posture while reducing total cost of ownership. The Checkmarx platform tightly integrates SAST, SCA, IAST and developer training via a unified management and orchestration layer to mitigate risk across the entire software development life cycle.

For more information on CxOSA and CxSAST, request a free demo of the Checkmarx Software Security Platform today.

# # #

About Checkmarx

Checkmarx is the global leader in software security solutions for modern enterprise software development. Checkmarx delivers the industry’s most comprehensive Software Security Platform that unifies with DevOps and provides static and interactive application security testing, software composition analysis and developer AppSec training to reduce and remediate risk from software vulnerabilities. Checkmarx is trusted by more than 40 percent of the Fortune 100 and half of the Fortune 50, including leading organizations such as SAP, Samsung and Salesforce.com. Learn more at www.checkmarx.com.

Tags: Checkmarx

Recent Posts

Building an Open Source Observability Platform

By investing in open source frameworks and LGTM tools, SRE teams can effectively monitor their apps and gain insights into…

24 hours ago

To Devin or Not to Devin?

Cognition Labs' Devin is creating a lot of buzz in the industry, but John Willis urges organizations to proceed with…

1 day ago

Survey Surfaces Substantial Platform Engineering Gains

While most app developers work for organizations that have platform teams, there isn't much consistency regarding where that team reports.

2 days ago

EP 43: DevOps Building Blocks Part 6 – Day 2 DevOps, Operations and SRE

Day Two DevOps is a phase in the SDLC that focuses on enhancing, optimizing and continuously improving the software development…

2 days ago

Survey Surfaces Lack of Significant Observability Progress

A global survey of 500 IT professionals suggests organizations are not making a lot of progress in their ability to…

2 days ago

EP 42: DevOps Building Blocks Part 5: Flow, Bottlenecks and Continuous Improvement

In part five of this series, hosts Alan Shimel and Mitch Ashley are joined by Bryan Cole (Tricentis), Ixchel Ruiz…

2 days ago