Hybrid Analysis Mapping (HAM)

Award Information
Agency: Department of Homeland Security
Branch: N/A
Contract: D14PC00071
Agency Tracking Number: HSHQDC-13-R-00009-H-SB013.1-002-II
Amount: $749,860.22
Phase: Phase II
Program: SBIR
Awards Year: 2014
Solitcitation Year: 2013
Solitcitation Topic Code: H-SB013.1-002
Solitcitation Number: HSHQDC-13-R-00009
Small Business Information
Denim Group, LTD
3463 Magic Drive, Suite 315, San Antonio, TX, 78229-2992
Duns: 141935457
Hubzone Owned: N
Woman Owned: N
Socially and Economically Disadvantaged: N
Principal Investigator
 Dan Cornell
 Chief Technology Officer
 (210) 572-4400
Business Contact
 Brian Mather
Title: Product Manager
Phone: (210) 572-4400
Email: brian@denimgroup.com
Research Institution
Develop a system that can reliably and efficiently correlate and merge the results of open-source and commercial automated static and dynamic security scanning technologies, using common data structure standards for both automated static and dynamic security scanning results; building methods of matching the results of automated static and dynamic tools. The goal of Phase II will be to deliver a fully functional product that can correlate and merge the results of four (4) open-source and commercial automated static and four (4) dynamic security scans of web applications. Commercialization plans involve integrating Hybrid Analysis Mapping with Denim Group's existing ThreadFix product: a software vulnerability aggregation and management system that helps organizations aggregate vulnerability data, generate virtual patches, and integrate with software defect tracking systems. It is currently commercialized using a common and tested "open source" business model where the base technology is made available for free under an open source software license. This will increase the adoption of the technology by allowing any organization access to the software without requiring licensing fees. However, organizations that require commercial support for their customized use of the technology can purchase support contracts. In addition, organizations that wish to customize or extend the functionality of the technology will be required to pay for access to these services. Phase 2 plans include making the technology available under a cloud "software as a service" (SaaS) model removing the requirements of configuring, installing and maintaining their own systems.

* information listed above is at the time of submission.

Agency Micro-sites

US Flag An Official Website of the United States Government