The U.S. Department of Defense (DoD) takes cybersecurity to new levels. Platform One, a program based out of the U.S. Air Force Office of the Chief Software Officer, builds and secures technology tools across the military that are used to “guide, empower, equip, and accelerate DoD program offices and weapon systems through their DevSecOps journeys.” The organization’s vision is to “create an innovative, collaborative, and unified defense department that delivers freedom through continuous integration and continuous deployment.”
Platform One Enables Secure Modern Software at DevOps Speed
Platform One is a transformative initiative with outcomes that include:
- Deployment of mission code to the warfighter quickly and securely
- Acceleration of deployment capabilities by providing an 85% solution to get you started faster
- Provision of a common code base for reusability
- Collaborative environment that breaks down silos and enables governmentwide cross-functionality
Platform One provides Iron Bank with a pre-approved repository of containers that have cleared stringent DoD requirements for DoD software developers. Choosing solutions from Platform One streamlines the cloud-based development process and helps federal agency DevOps teams to quickly build and release critical software applications in a secure, agile, and efficient manner.
Contrast Application Security Platform Accepted Into Platform One
Contrast Security is pleased to announce that its entire Application Security Platform has been accepted into the DoD’s Platform One approved application portal. The designation provides Certificate to Field (CtF) for DoD application developers to deploy the Contrast platform of end-to-end solutions to assess and remediate security risks within applications across the entire software development life cycle (SDLC) and to block attacks against software in production before they can exploit vulnerabilities.
Now that the Contrast Application Security Platform has been accepted into Platform One, DoD teams wanting to use the Contrast Application Security Platform no longer need to go through a lengthy auditing and approval process required to obtain Authorization to Operate (ATO) but rather can put the Contrast platform to work immediately for continuous security observability of applications by seamlessly integrating it into the IDE, developer workflows, and continuous integration/continuous deployment (CI/CD) pipelines.
Core Elements of the Contrast Application Security Platform
Three core elements comprise the Contrast Application Security Platform:
Contrast Assess. Automatically detects vulnerabilities in real time while developers are writing code. Contrast Assess uses instrumentation to embed security within the software and follow routes exercised. This enables continuous and accurate assessment that virtually eliminates false positives and false negatives and empowers developers to remediate vulnerabilities themselves during early stages of development.
Contrast OSS. Detects and assesses the risk of open-source software (OSS) components used in the application build. Contrast OSS triggers alerts when risks and policy violations are detected—both security and licensing related—allowing developers to update proper versioning and usage.
Contrast Protect. Continuous analysis of runtime application self-protection (RASP) that confirms exploitability before blocking an attack. This eliminates false positives that plague perimeter defense solutions such as web application firewalls (WAFs). Contrast Protect’s always-on protection detects and prevents both known vulnerabilities and unknown vulnerabilities from exploit.
With the Contrast Application Security Platform, developers can ensure application security from the inside with continuous assessment and protection. Unlike most application security solutions that evaluate after the fact and capture point-in-time views, Contrast leverages instrumentation to embed security within the application—from development through production. This eliminates security bottlenecks in development, reduces false positives and negatives, and scales security assurance across the application life cycle.
Because Contrast operates from within the application itself, it can monitor all parts of the application, including microservices, custom code, application programming interfaces (APIs), and open-source libraries and frameworks. Moreover, Contrast’s real-time, continuous assessment substantially improves efficiency for DoD constituents by detecting and remediating problems immediately while its accurate, always-on protection capabilities block attacks on software in production before they can exploit vulnerabilities.
Contrast at the Speed and Scale of Modern Software
For the DoD to achieve their objective of deterring war and protecting the security of the United States, a different approach to application security is necessitated. The Contrast Application Security Platform is purpose-built for modern software development and the growing requirements of the DoD.
For more information on the Contrast Application Security Platform and its CtF designation by Platform One, read the press release.