Code Ray: Software Assurance Risk Management Framework for Hybrid Analysis Mapping

Award Information

Agency: Department of Homeland Security
Branch: n/a
Amount: $965,865.73
Award Year: 2014
Program: SBIR
Phase: Phase II
Contract: D14PC00060
Award Id: n/a
Agency Tracking Number: HSHQDC-13-R-00009-H-SB013.1-002-0002-II
Solicitation Year: 2013
Solicitation Topic Code: H-SB013.1-002
Solicitation Number: HSHQDC-13-R-00009

Small Business Information

Address: 6 Bayview Avenue, Northport, NY, 11768-1502
Hubzone Owned: N
Minority Owned: N
Woman Owned: N
Duns: 602262222

Principal Investigator: Kenneth Prole, Principal Investigator
Phone: (631) 759-3907
Email: ken.prole@securedecisions.com

Business Contact: Kelly Bennett, Controller
Phone: (631) 759-3920
Email: kelly.bennett@avi.com

Research Institute: n/a
Abstract

Secure Decisions is developing a software assurance risk management technology called "Code Ray" to: (1) improve the speed, accuracy and confidence of vulnerability detection by cross-mapping and normalizing the output of hybrid application security testing (HAST) techniques: dynamic analysis, dynamic tracing, static analysis and contextual analysis; (2) enhance prioritization and mitigation of vulnerabilities by providing both the run-time context for those vulnerabilities and their mapping to industry and regulatory security standards; (3) improve rapid comprehension and assessment of the risks associated with vulnerabilities by delivering results in a risk management framework with risk metrics, a dashboard, visual analytics and reporting; and (4) support the education of programmers and security analysts in HAST. We start Phase II with a working TRL4 prototype completed at the end of Phase I. We will iteratively develop and deliver three progressively more mature versions of Code Ray to the Software Assurance Marketplace (SWAMP), reaching TRL8 by Month 24. We will incrementally add functionality from each of the iterations to the existing Code Dx product, and integrate HAST capabilities into a Security Information Event Management (SIEM) system. We will also deliver an educational version of Code Ray to assist in teaching secure coding practices. During the proposed 18-month Phase II Option, commencing in Month 25, we will subject Code Ray to full-scale operational use in the SWAMP and in several DHS operational deployments. We will use feedback from SWAMP users, educators and operational sites to reach TRL9 within the Phase II Option period.

* Information listed above is as of the time of submission.
