Citadel Security Software Awarded Certificate of OVAL Compatibility; Enterprise Vulnerability Management Leader First to Remediate Vulnerabilities Identified within OVAL Results Schema.DALLAS -- Citadel Security Software Inc. (NASDAQ NASDAQ in full National Association of Securities Dealers Automated Quotations U.S. market for over-the-counter securities. Established in 1971 by the National Association of Securities Dealers (NASD), NASDAQ is an automated quotation system that reports on :CDSS CDSS California Department of Social Services CDSS Clinical Decision Support Systems CDSS Country Dance and Song Society CDSS Canadian Down Syndrome Society CDSS Community Day Secondary Schools (Malawi) ), a leader in enterprise vulnerability management and policy enforcement, today announced its Hercules(R) solution has been certified as fully compliant and compatible with MITRE's Open Vulnerability Assessment A Department of Defense, command, or unit-level evaluation (assessment) to determine the vulnerability of a terrorist attack against an installation, unit, exercise, port, ship, residence, facility, or other site. Language OVAL-ID and OVAL Results Schema, a standardized format for presenting data from a system evaluated by OVAL, enabling customers to remediate vulnerabilities identified by OVAL-compatible scanning tools. With a myriad of different ways to describe and report on vulnerabilities, organizations face the challenge of integrating the output of various tools in order to report and act on their results. By providing interoperability between tools for vulnerability identification and management, OVAL facilitates the exchange of information that can extend a unified solution across the enterprise. The OVAL Compatibility Process is a formal evaluation of information submitted by the vendors of security products and services. The testing and certification process assures buyers that security products meet the criteria set out by the OVAL Effort to prove they are OVAL compatible. Citadel was awarded the Certificate of OVAL Compatibility at a ceremony held on November 14, 2005 during the Computer Security Institute (CSI CSI Crime Scene Investigator CSI CompuServe, Inc. CSI Commodity Systems, Inc. CSI Commodity Systems Inc. (Boca Raton, FL) CSI Crime Scene Investigation (CBS TV show) CSI Christian Schools International ) 32nd annual Computer Security Conference and Exhibition in Washington, D.C. "Citadel's Hercules is able to import output produced in OVAL Results Schema format from vulnerability scanners or other network tools to quickly remediate vulnerabilities," said Kent Landfield, Security Group Director for Citadel, an OVAL Board member and CVE (Common Vulnerabilities and Exposures) A list of information security exposures and vulnerabilities sponsored by US-CERT and maintained by the MITRE Corporation. Editorial Board member. "To achieve the OVAL compatibility certification, we successfully tested Hercules with the MITRE testing tools and data and with OVAL Results from two vulnerability assessment products." "Citadel is an active participant in OVAL development and we welcome their contribution towards adoption of standards and integration between security tools," said Bob Martin, OVAL Compatibility Lead, The MITRE Corporation (body) MITRE Corporation - A US federally funded R&D center, spun off in 1958 from the MIT Lincoln Laboratory (also an FFRDC). MITRE is a non-profit corporation chartered to do R&D in the public interest. . "As the first vulnerability management company to achieve CVE and OVAL Results Schema and OVAL-ID Compatibility Certification, Citadel continues to demonstrate its leadership and commitment to improving vulnerability assessment and remediation for the international security community." "We are proud to contribute to the leadership efforts on providing interoperability standards for the global security community with OVAL compatibility," said Carl Banzhof, CTO (Chief Technical Officer) The executive responsible for the technical direction of an organization. See CIO and salary survey. of Citadel Security Software and OVAL Board member. "Through our work with DISA 1. (body) DISA - Defense Information Systems Agency. 2. (standard) DISA - Data Interchange Standards Association. we understand why federal agencies rely on OVAL vulnerability identification and reporting standards and are dedicated to providing the compatibility and integration that can greatly ease their vulnerability management burden." About The Open Vulnerability and Assessment Language Open Vulnerability and Assessment Language (OVAL) is an international, information security, community standard to promote open and publicly available security content, and to standardize the transfer of this information across the entire spectrum of security tools and (OVAL) Initiative In 2002, MITRE created the OVAL Initiative building upon the success of the international CVE Initiative. OVAL fosters the development of a language to determine the presence of vulnerabilities and configuration issues on computer systems. By providing a standard language to describe computer state issues, OVAL provides a means to allow different information security tools and services to interoperate and share computer system state information easier. The OVAL Board includes numerous information security related organizations including commercial security tool vendors, operating system operating system (OS) Software that controls the operation of a computer, directs the input and output of data, keeps track of files, and controls the processing of computer programs. software vendors, members of academia, research institutions, government agencies, and other prominent security experts who work together to foster the integration and direction of OVAL. The OVAL Initiative is funded by the U.S. Department of Homeland Security Noun 1. Department of Homeland Security - the federal department that administers all matters relating to homeland security Homeland Security executive department - a federal department in the executive branch of the government of the United States . About The MITRE Corporation MITRE (www.mitre.org) is a not-for-profit national resource that provides systems engineering, research and development, and information technology support to the government. It operates federally funded research and development centers Federally Funded Research and Development Centers (FFRDCs) conduct research for the United States Government. They are administered in accordance with U.S Code of Federal Regulations, Title 48, Part 35, Section 35.017 by universities and corporations. for the Department of Defense, the Federal Aviation Administration Federal Aviation Administration (FAA), component of the U.S. Department of Transportation that sets standards for the air-worthiness of all civilian aircraft, inspects and licenses them, and regulates civilian and military air traffic through its air traffic control and the Internal Revenue Service, with principal locations in Bedford, Mass., and McLean, Va. About Citadel Hercules With its award-winning Hercules Security Compliance and Vulnerability Remediation software solutions, Citadel helps protect an organization's network against all five classes of vulnerabilities - software defects or patches, unsecured accounts, unnecessary services, mis-configurations, and backdoors - across a multi-platform, multi-device environment. By automating vulnerability remediation and policy enforcement processes, Citadel's customers, including the U.S. Department of Defense, U.S. Department of Veterans Affairs Veterans Affairs is a term of the business that deals with the relation between a government and its veteran communities, usually administered by the designated government agency. , MCI (1) (Media Control Interface) A high-level programming interface from Microsoft and IBM for controlling multimedia devices. It provides commands and functions to open, play and close the device. (2) (Microwave Communications Inc. and AutoZone, have a more effective approach to protecting sensitive data and enforcing security policies across their network. About Citadel Citadel Security Software (NASDAQ:CDSS) delivers security solutions that enable organizations to manage risk, reduce threats and enforce compliance with security policies and regulations. Citadel's proven architecture provides a business process to manage the increasing volume, frequency, and complexity of cyber (1) From "cybernetics," it is a prefix attached to everyday words to add a computer, electronic or online connotation. The term is similar to "virtual," but the latter is used more frequently. See virtual. security attacks. Citadel combines the world's largest active library of remediations spanning all classes of vulnerabilities with a proven delivery methodology to dramatically streamline vulnerability management and security compliance and provide ROI (Return On Investment) The monetary benefits derived from having spent money on developing or revising a system. In the IT world, there are more ways to compute ROI than Carter has liver pills (and for those of you who never heard of that expression, it means a lot). from the first use. Citadel solutions are used across the Department of Defense, at the Veterans Administration, and within other government and commercial organizations. For more information on Citadel, visit www.citadel.com, or call 888-8CITADEL. Safe Harbor/Forward-looking Statements: This press release may contain forward-looking statements that are intended to be subject to the safe harbor Safe Harbor 1. A legal provision to reduce or eliminate liability as long as good faith is demonstrated. 2. A form of shark repellent implemented by a target company acquiring a business that is so poorly regulated that the target itself is less attractive. protection provided by Section 27A of the Securities Act of 1933 and Section 21E of the Securities Exchange Act of 1934. These statements relate to future events or future financial performance and involve known and unknown risks and uncertainties that may cause actual results or performance to be materially different from those indicated by any forward-looking statements. In some cases, you can identify forward-looking statements by terminology such as "forecast," "may," "will," "could," "should," "anticipate," "expect," "plan," "believe," "potential" or other similar words indicating future events or contingencies. Some of the things that could cause actual results to differ from expectations are: uncertainties related to the issuance of a patent by the United States Patent and Trademark Office The United States Patent and Trademark Office (PTO or USPTO) is an agency in the United States Department of Commerce that provides patent protection to inventors and businesses for their inventions, and trademark registration for product and intellectual property ; the possibility of other intellectual property rights held by third parties related to the technology ; uncertainty related to projected cost savings from restructuring activities; the economic and geopolitical ge·o·pol·i·tics n. (used with a sing. verb) 1. The study of the relationship among politics and geography, demography, and economics, especially with respect to the foreign policy of a nation. 2. a. environment; changes in the information technology spending trends; the uncertainty of funding of government and corporate information technology security projects; the variability of the product sales cycle, including longer sales cycles for government and large commercial contracts; the uncertainty that the company's prospective deals will result in final contracts; the potential changes in the buying decision makers during a customer purchasing cycle; the complexities in scope and timing for finalization of contracts; the fluctuations in product delivery schedules; a lack of Citadel operating history; uncertainty of product development and acceptance; uncertainty of ability to compete effectively in a new market; the uncertainty of profitability and cash flow of Citadel; intellectual property rights and dependence on key personnel; economic conditions; the continued impact of terrorist attacks, global instability and potential U.S. military involvement; the competitive environment and other trends in the company's industry; the effects of inflation; changes in laws and regulations; changes in the company's business plans, including shifts to new pricing models that may cause delays in licenses; interest rates and the availability of financing; liability, legal and other claims asserted against the company; labor disputes; and the company's ability to attract and retain qualified personnel. For a discussion of these and other risk factors, see the company's Annual Report on Form 10-KSB for the year ended December 31, 2004 and the company's Quarterly Report on Form 10-Q Form 10-Q See 10-Q. for the quarter ended September 30, 2005. All of the forward-looking statements are qualified in their entirety by reference to the risk factors discussed therein. These risk factors may not be exhaustive. The company operates in a continually changing business environment, and new risk factors emerge from time to time. Management cannot predict such new risk factors, nor can it assess the impact, if any, of such new risk factors on the company's business or events described in any forward-looking statements. The company disclaims any obligation to publicly update or revise any forward-looking statements after the date of this report to conform them to actual results. Editors Note: Citadel is a trademark and Hercules(R) is a registered trademark of Citadel Security Software. |
|
||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion