SECURITY INFLUENCERS BLOG

Security influencers provide real-world insight and “in-the-trenches” experiences on topics ranging from application security to DevOps and risk management

Contrast Application Security Platform Accepted Into Department of Defense Platform One

The U.S. Department of Defense (DoD) takes cybersecurity to new levels. Platform One, a program based out of the U.S. Air Force Office of the Chief Software Officer, builds and secures technology tools across the military that are used to “guide, empower, equip, and accelerate DoD program offices and weapon systems through their DevSecOps journeys.” The organization’s vision is to “create an innovative, collaborative, and unified defense department that delivers freedom through continuous integration and continuous deployment.”

Platform One Enables Secure Modern Software at DevOps Speed

Platform One is a transformative initiative with outcomes that include:

  • Deployment of mission code to the warfighter quickly and securely
  • Acceleration of deployment capabilities by providing an 85% solution to get you started faster
  • Provision of a common code base for reusability
  • Collaborative environment that breaks down silos and enables governmentwide cross-functionality

Platform One provides Iron Bank, a pre-approved repository of containers that have cleared stringent DoD requirements, for DoD software developers. Choosing solutions from Platform One streamlines the cloud-based development process and helps federal agency DevOps teams quickly build and release critical software applications in a secure, agile, and efficient manner.

Contrast Application Security Platform Accepted Into Platform One

Contrast Security is pleased to announce that its entire Application Security Platform has been accepted into the DoD’s Platform One approved application portal. The designation provides Certificate to Field (CtF) for DoD application developers to deploy the Contrast platform of end-to-end solutions to assess and remediate security risks within applications across the entire software development life cycle (SDLC) and to block attacks against software in production before they can exploit vulnerabilities.

Now that the Contrast Application Security Platform has been accepted into Platform One, DoD teams wanting to use it no longer need to go through the lengthy auditing and approval process required to obtain Authorization to Operate (ATO). Instead, they can put the Contrast platform to work immediately for continuous security observability of applications by seamlessly integrating it into the IDE, developer workflows, and continuous integration/continuous deployment (CI/CD) pipelines.

Core Elements of the Contrast Application Security Platform

Three core elements comprise the Contrast Application Security Platform:

Contrast Assess. Automatically detects vulnerabilities in real time while developers are writing code. Contrast Assess uses instrumentation to embed security within the software and follow routes exercised. This enables continuous and accurate assessment that virtually eliminates false positives and false negatives and empowers developers to remediate vulnerabilities themselves during early stages of development.

Contrast OSS. Detects and assesses the risk of open-source software (OSS) components used in the application build. Contrast OSS triggers alerts when risks and policy violations are detected—both security and licensing related—allowing developers to update proper versioning and usage.

Contrast Protect. Continuous analysis of runtime application self-protection (RASP) that confirms exploitability before blocking an attack. This eliminates false positives that plague perimeter defense solutions such as web application firewalls (WAFs). Contrast Protect’s always-on protection detects and prevents the exploitation of both known and unknown vulnerabilities.

With the Contrast Application Security Platform, developers can ensure application security from the inside with continuous assessment and protection. Unlike most application security solutions that evaluate after the fact and capture point-in-time views, Contrast leverages instrumentation to embed security within the application—from development through production. This eliminates security bottlenecks in development, reduces false positives and negatives, and scales security assurance across the application life cycle.

Because Contrast operates from within the application itself, it can monitor all parts of the application, including microservices, custom code, application programming interfaces (APIs), and open-source libraries and frameworks. Moreover, Contrast’s real-time, continuous assessment substantially improves efficiency for DoD constituents by detecting and remediating problems immediately while its accurate, always-on protection capabilities block attacks on software in production before they can exploit vulnerabilities.

Contrast at the Speed and Scale of Modern Software

For the DoD to achieve its objective of deterring war and protecting the security of the United States, a different approach to application security is needed. The Contrast Application Security Platform is purpose-built for modern software development and the growing requirements of the DoD.

For more information on the Contrast Application Security Platform and its CtF designation by Platform One, read the press release. 

Surag Patel, Chief Strategy Officer

Surag Patel brings more than a decade of experience to Contrast Security, where he serves as Chief Strategy Officer. An experienced, highly analytical product and marketing executive, Surag’s focus is in driving Contrast’s global marketing and product strategy. Prior to Contrast, Surag served as Vice President of Global Product Management and Corporate Marketing for 41st Parameter, which was acquired by Experian in 2013. Prior to 41st Parameter, Surag led global data strategy and consumer insights for InMobi, the largest global independent mobile ad network. Surag blends his experience of bringing innovative products to market with a mix of engineering expertise, product strategy and domain expertise. Prior to InMobi, Surag spent five years at comScore leading advertising effectiveness research and development of the Ad Effx™ suite of products. Surag holds a BS in Computer Engineering from Cal Poly, San Luis Obispo, and a Masters in Engineering Management from Duke University.
