Technology Sectors

Market Sectors

Source code analysis sought by Pentagon’s U.S. Transportation Command

Mon, 2010-02-08 12:27 PM
By: Jacob Goodwin

The Defense Department’s U.S. Transportation Command is requesting information from potential vendors who could perform a “source code analysis” – looking for security vulnerabilities such as cross-site scripting, injection flaws and malicious file executions – in eight different software programs used by the Command.

USTRANSCOM emphasized in a sources-sought notice published online on January 28 that it has not yet decided if it will issue a formal Request For Proposals (RFP).

It wants to hear from firms capable of undertaking a manual line-by-line review of its software, rather than using an automated methodology.

The selected vendor, if any, would be expected to “evaluate code for areas that may result in security threats,” said the notice, including, but not limited to:

  • Cross-site scripting;
  • Injection flaws;
  • Malicious file execution;
  • Insecure direct object reference;
  • Cross-site request forgery; and
  • Broken authentication and session management.

Interested prospective vendors are asked to submit white papers (to a maximum of five pages) outlining their capabilities by February 11. Further information is available from Andrea Mouser at andrea.mouser@ustranscom.mil or 618-256-9609.

 

Tags:
 
  • Share/Save
  • Email this page
  • Printer-friendly version
 

Recent Videos

GSN 2011 Awards Dinner and Sponsor Interviews: John Clark, President and CEO, The Whitestone Group
It's been a banner year for the Whitestone Group, according to John Clark, CEO of the facility security, asset/force protection and investigations...
GSN 2011 Awards Dinner and Sponsor Interviews: Jeff Horne, Practice Manager, Malware Solutions, Accuvant Inc
Jeff Horne explains that Denver, CO-based Accuvant , Inc has two different businesses – the Value Added Reseller (VAR) side, in which it is one of...
GSN 2011 Award Winners and Sponsor Interviews: Dave Natelson, President, Nasatka Security
GSN caught up with Dave Natelson for a quick interview at the Cocktail Reception at the 2011 Awards Dinner, before he learned that Nasatka had earned...
GSN 2011 Award Winners and Sponsor Interviews: Ann Pickren, VP Solutions, MIR3,Inc
Ann Pickren discusses MIR3’s Mass Notification System that was awarded a Winner’s Trophy in GSN’s 2011 Homeland Security Awards Program. She explains...
GSN 2011 Awards Dinner: Presentation of 1st Annual GSN/Raytheon Award for Distinguished Leadership and Innovation in Public Safety and Security to Admiral Thad Allen, former USCG Commandant (Ret.)
Former Coast Guard Commandant Thad Allen, who served through a long and distinguished career in the United States Coast Guard and later answered the...
More Recent Videos

Upcoming Events

Event Details Dates of Event
SANS Phoenix 2012 Feb 13 - 18
Gov TechTalks Lunch & Learn Session 7: Application Security Feb 15 - 15
SANS Secure India 2012 Feb 20 - 25
The Airport Law Enforcement Symposium Feb 23-24, 2012 Feb 23 - 24
Learn How to Simplify Data Management and Reduce Storage Costs - with Steak & Eggs Feb 23 - 23
Physical Security: Introductory Applications and Technology Feb 27 - Mar 1
Conducting Corporate Investigations Feb 27 - 28
ISC CHINA 2012 (International Security Conference & Exposition CHINA) Feb 27 - 29
RSA Conference 2012 Feb 27 - Mar 2
SAP Public Sector Partner Exchange Feb 28 - 28
SANS Secure Singapore 2012 Mar 5 - 17
SANS Germany 2012 Mar 5 - 10
Homeland Security Finance Forum 2012 Mar 6 - 6
Basic Hands-On CAMEO Training Mar 12 - 14
ASIS Assets Protection Course: Principles of Security (APC I) Mar 12 - 15
SANS Mobile Device Security Summit 2012 Mar 12 - 15
Aviation Week's Innovation Challenge Showcase Mar 13 - 14
Symantec Government Technology Summit Mar 20 - 20
STI at SANS 2012 Mar 23 - 30
SANS 2012 Mar 23 - 30
The 9th Two Day Conference On Indian Medical Devices & Plastics Disposables Industry 2012 Mar 23 - 24
SANS Northern Virginia 2012 Apr 15 - 20
Active Shooter Apr 18 - 19
SANS AppSec 2012 Apr 24 - May 2
SANS Cyber Guardian 2012 Apr 30 - May 7
Telework Exchange Spring 2012 Town Hall Meeting May 2 - 2
5th Sample Prep - Sample Preparation for Virus, Toxin, & Pathogen Detection & Identification May 3 - 4
SANS Security West 2012 May 10 - 18
SANS Toronto 2012 May 14 - 19
Counter Terror Expo US May 16 - 17
CEIC 2012 (Computer and Enterprise Investigations Conference) May 21 - 24
SANS Rocky Mountain 2012 Jun 4 - 9
Data Center Brainstorm 2012 Jun 19 - 19
SANS Forensics and Incident Response Summit 2012 Jun 21 - 27
Vanguard Security & Compliance 2012 Jun 25 - 28
SANS Canberra 2012 Jul 2 - 10

Full 2011 Calendar