The General Services Administration (GSA) is seeking feedback from the private sector on existing application security testing capabilities for Federal agencies.
Federal agencies need to employ sophisticated tools that can statically and dynamically analyze applications for detectable weaknesses. However, to defend against adversaries, Federal agencies will also have to go beyond automated capabilities and employ deep technical cybersecurity expertise to manually analyze how government applications work and how they can be subverted.
Therefore, to support this effort, GSA is seeking information about the availability of application security testing capabilities. This includes, “manual expert analysis as well as automated tools, to discover security flaws in Federal applications and provide actionable results,” the agency said in a request for information (RFI) posted on SAM.gov.
“The U.S. government is focused on increasing the depth, rigor, and creativity of its approach to application security testing so that it sees and analyzes its applications as its adversaries do,” the agency added.
One of the primary goals of this effort is to build an understanding of the complexity and diversity of this marketplace, ensuring Federal agencies can make the greatest use of the services, technologies, and toolsets available.
Respondents have until September 30 to answer questions posed by GSA through the RFI.