Award Information
Proposal Number: DHS SBIR-2015.OATS-15.OATS-002-0001-II
Proposal Title: A Real-Time Application Security Analyzer
Topic Number: 15.OATS-002
Phase: Phase II
Topic Title: A Real-Time Application Security Analyzer
Organization: RAM Laboratories, Inc.
Address: 591 Camino de la Reina
Suite 610
San Diego, CA 92108-3108  
Abstract: Software developers are faced with a variety of security challenges when developing and deploying new systems. The software may be subject to malicious insiders, external threats and supply chain threats that access systems through poor software hygiene or the presence of zero-day vulnerabilities that the vendor is not aware of. While an array of software assurance tools has been developed that audit code at the source code or static binary level, existing tools do not perform dynamic binary analysis with source code checking to assist developers, nor do they provide a drill-down into software libraries to assist supply chain management in gaining a compliance assessment for the entire software solution. To address these shortfalls, this project extends the research and development of RAM Laboratories' Real-Time Application Security Analyzer (RASAR) tool. RASAR currently detects and characterizes security vulnerabilities (including zero-day vulnerabilities) in both under-development and third-party software through source code analysis and dynamic binary instrumentation. This project will add capabilities to the tool suite that prioritize the vulnerabilities as defined by the Common Weakness Enumeration, correlate identified binary vulnerabilities with both vulnerabilities found in the Common Vulnerabilities and Exposures database and available source code flaws, and provide a compliance dashboard that tracks and reports supply chain issues for the user. Additionally, audit results will be visualized by the user through the use of a compliance dashboard. The resulting tool will be integrated within the Software Assurance Marketplace.
Award/Contract Number: D15PC00249
Period of Performance: 09/28/2015 - 10/13/2017
Award/Contract Value: $749,993.51
Award/Obligated Amount: $749,993.51