What is Software Supply Chain Assurance (SSCA)?
Software Supply Chain Assurance (SSCA) is the process of uncovering and mitigating vulnerabilities in code and violations of secure programming best practices: identifying backdoors, poor input validation, unchecked buffers, weak session handling, and other weaknesses. TestPros provides independent SSCA services, including automated and line-by-line independent source code analysis assisted by best-of-breed automated scanning tools.
All organizations depend on critical software applications for key aspects of their operation. The need for application security services is driven by several factors, including off-shore development, pervasive computing devices, wireless devices, third-party compliance, privacy, smart cards, and biometrics. It is critical that the software an organization develops or procures is free of critical, exploitable vulnerabilities.
Approach
To assure that IT systems are free of intentional or unintentional security threats, TestPros’ SSCA service provides a thorough, independent security analysis of source code, combining software security expertise with extensive software development experience. The service uncovers vulnerabilities in code and violations of secure programming best practices, identifying backdoors, poor input validation, unchecked buffers, weak session handling, and other weaknesses, and helps development teams “Build Security In.” Our cybersecurity experts deliver a comprehensive application security assessment through manual code review assisted by best-of-breed automated scanning tools, both commercial (such as Fortify) and open source.
TestPros continually tracks industry good practices in Software Supply Chain Assurance, drawing on guidance from commercial and U.S. Federal government sources including HIPAA, the Open Web Application Security Project (OWASP), NIST, DHS (Build Security In), MITRE’s Common Weakness Enumeration (CWE), MITRE’s Common Attack Pattern Enumeration and Classification, SWAMP, and others. We also address Supply Chain Resource Management (SCRM), which extends the SSCA concept to cover the entire chain of custody for hardware and software systems.
Experience
A key member of the United States military-industrial complex contracted TestPros to provide software assurance services, including source code security risk and vulnerability assessments based on NSA, DHS, NIST, FedRAMP, and DOD security policies, for over 1 million lines of source code.
For additional information about our SSCA services, contact us today!