OpenSky Corporation, an IT consulting firm focused on transformational IT infrastructure, security
and compliance, has been granted a provisional patent by the US Patent Office for an innovative method to accurately calculate perceived versus real application risks. The patent number 61/901,906, entitled “Vulnerability Risk Evaluation for Computer Applications Under Development,” provides for a more accurate risk-based decision-making process than any other method available today.
Application assessment options today do not take into account the application attributes when computing risk. OpenSky’s patented method is unique in both approach and design. It goes beyond CVSS, CWE, and CAPEC to include key attributes and view of the application, including data
classification, authentication, cohesion, data type, complexity and coupling. The patent covers deployed applications as well as applications under development and will benefit a variety of industries, including healthcare, insurance, asset management, banking, education and technology manufacturing.
Mark Wireman, the patent’s founder and National Practice Lead for Application Security at OpenSky, has more than 12 years of experience in application development. He focuses on application security from a process and practice perspective within the Department of Defense, financial, and healthcare sectors.
“Companies expend a significant amount of time and money attempting to remediate inaccurately identified vulnerabilities,” said Wireman. “The patented method provides a more accurate assessment through a real risk perspective of the vulnerabilities by including the application’s view and context. This provides organizations with accurate information for prioritizing remediation expenditures and helps improve enterprise
security by reducing risk in the most cost-effective manner.”
Application security has become a top IT concern for organizations. The surface of attacks targeting applications and data has expanded from web into mobile
systems, making the rapid adoption of detection and protection
concepts and technologies critical for all enterprises. The Open Web Application Security Project (OWASP) recommends that organizations establish an application security program to gain insight and improve security across their application portfolio.
landscape for application security constantly changes with attackers making advances, innovative technologies plagued with new weaknesses, and increasingly complex IT ecosystems,” said Roger Levasseur, President and CEO of OpenSky. “OpenSky will use the patented process to help our clients better manage risks associated with applications.”
OpenSky performs application security assessments in all phases of the Software Development Lifecycle (SDLC), from development and quality assurance through deployment, maintenance, and auditing of web and mobile applications. Its repeat, on-demand Security Assessments as a Service (SAaaS) plug into an organization’s IT risk management program and enable cost-effective management of risk in an organization’s own environment. SAaaS include application and mobile application security, merger and acquisition security and third-party evaluations.
About OpenSky Corporation