Hybrid Analysis Mapping (HAM)

Award Information
Agency:
Department of Homeland Security
Branch
n/a
Amount:
$374,966.82
Award Year:
2014
Program:
SBIR
Phase:
Phase II
Contract:
D14PC00071
Award Id:
n/a
Agency Tracking Number:
HSHQDC-13-R-00009-H-SB013.1-002-II
Solicitation Year:
2013
Solicitation Topic Code:
H-SB013.1-002
Solicitation Number:
HSHQDC-13-R-00009
Small Business Information
3463 Magic Drive, Suite 315, San Antonio, TX, 78229-2992
Hubzone Owned:
N
Minority Owned:
N
Woman Owned:
N
Duns:
141935457
Principal Investigator:
DanCornell
Chief Technology Officer
(210) 572-4400
dan@denimgroup.com
Business Contact:
BrianMather
Product Manager
(210) 572-4400
brian@denimgroup.com
Research Institute:
n/a
Abstract
Develop a system that can reliably and efficiently correlate and merge the results of open-source and commercial automated static and dynamic security scanning technologies, using common data structure standards for both automated static and dynamic security scanning results; building methods of matching the results of automated static and dynamic tools. The goal of Phase II will be to deliver a fully functional product that can correlate and merge the results of four (4) open-source and commercial automated static and four (4) dynamic security scans of web applications. Commercialization plans involve integrating Hybrid Analysis Mapping with Denim Group's existing ThreadFix product: a software vulnerability aggregation and management system that helps organizations aggregate vulnerability data, generate virtual patches, and integrate with software defect tracking systems. It is currently commercialized using a common and tested "open source" business model where the base technology is made available for free under an open source software license. This will increase the adoption of the technology by allowing any organization access to the software without requiring licensing fees. However, organizations that require commercial support for their customized use of the technology can purchase support contracts. In addition, organizations that wish to customize or extend the functionality of the technology will be required to pay for access to these services. Phase 2 plans include making the technology available under a cloud "software as a service" (SaaS) model removing the requirements of configuring, installing and maintaining their own systems.

* information listed above is at the time of submission.

Agency Micro-sites


SBA logo

Department of Agriculture logo

Department of Commerce logo

Department of Defense logo

Department of Education logo

Department of Energy logo

Department of Health and Human Services logo

Department of Homeland Security logo

Department of Transportation logo

Enviromental Protection Agency logo

National Aeronautics and Space Administration logo

National Science Foundation logo
US Flag An Official Website of the United States Government