Watchfire Contributes Web Application Security Expertise to SANS for First GIAC Secure Software Programmer (GSSP) Exams, Teaching Programmers Secure Coding Best Practices

Customer Depository Trust & Clearing Corp Joins Watchfire for Speaking Panel on Countering Web Application Vulnerabilities at SANS CIO Briefing Event

WALTHAM and WASHINGTON, March 26, 2007 - Today at the SANS Institute's (www.sans.org) "CIO Briefing on Application Security and the National Secure Programming Skills Assessment," Watchfire announces its support and participation in the industry's first certification examinations for programming professionals. The GIAC Secure Software Programmer (GSSP) status is designed for security professionals interested in achieving advanced validation for expertise in the latest secure coding practices. GIAC is SANS' core certification program and stands for "Global Information Assurance Certification."

Attacks such as SQL injection and cross-site scripting are steadily increasing, and few can argue that web applications present today's most significant online security threat. Local DC area and Federal CIOs and CISOs will attend today's SANS briefing to learn how to counter these increasing application-based threats. As part of this event, Watchfire CTO Michael Weider will participate on a panel discussing common flaws in application security. Michael is joined by Watchfire AppScan customer Jim Routh, CISO, Depository Trust & Clearing Corp, who will share his experience deploying AppScan, and address how his organization successfully incorporated application security testing as a core component of the software development life cycle (SDLC).

"Application security is today's biggest online threat, and organizations struggling with how to integrate security testing into their SDLC need more than security tools—they also require accessible education. As a contributing application security partner in the early development stages of the Secure Coding Skills Assessment and GSSP certification, we are confident this training will help strengthen the software development industry and improve security as a whole," said Michael Weider, CTO, Watchfire. "Secure programming skills are essential for building software that can be trusted. We look forward to continued close work with SANS to enhance and further grow this important certification."

SANS' new GSSP secure programming certification exam provides a focused approach for programming professionals who want to improve their secure coding skills and knowledge. It also allows employers of those programmers to differentiate their organizations and help increase their competitive advantage by employing programming professionals who have successfully demonstrated their technical skills through certification.

Watchfire was an early contributor in the development stages of this important program, and helped to ensure both the exam and certification focused on the most important aspects of secure coding principles. Watchfire's best practices in web application security are drawn directly from a decade of hands-on experience securing nearly one third of the global market for web application security.

"SANS recognizes that as organized crime groups and terrorists have turned their attention to computer-based crimes and are increasingly attacking weaknesses in applications, the requirement for secure coding skills has grown. We are pleased to have Watchfire's input and expertise in web application security added to our certification program. This program will help organizations that employ programmers address that need," said Alan Paller, director of Research at the SANS Institute. "With the right skills, programmers can reduce the risk of losses caused by cyber attacks, and the certification will allow security-aware programmers to stand out in an increasingly competitive marketplace."

The examinations cover four specific programming language suites: (1) C/C++, (2) Java/J2EE, (3) Perl/PHP, (4) .NET/ASP. The exams are designed to enable reliable measurements of technical proficiency and expertise in identifying and correcting the common programming errors that lead to security vulnerabilities.

About the SANS Institute
SANS is the most trusted and the largest source for information security training and certification in the world. Its 55,000 alumni who include over 14,000 who have passed challenging certification examinations, lead security teams and efforts in more than 80 countries around the world. In 2005, SANS won unanimous approval from the Maryland Higher Education Commission, to grant Master of Science degrees in Information Security Engineering and Information Security Management.

SANS also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - the Internet Storm Center. SANS Institute was established in 1989 as a cooperative research and education organization. Its programs now reach more than 250,000 security professionals, auditors, system administrators, network administrators, chief information security officers, and CIOs who share the lessons they are learning and jointly find solutions to the challenges they face.

For more information contact Steven Crofts, Director of Vendor and Media.

About Watchfire
Watchfire is the leading provider of web application security software and the only company to offer an end-to-end solution including intelligent fix recommendations to evaluate, understand and resolve issues. More than 800 enterprises and government agencies, including AXA Financial, SunTrust, HSBC, Vodafone, Veterans Affairs and Dell rely on Watchfire to identify, report and help remediate security vulnerabilities. Watchfire has been the recipient of several industry honors including: the HP/IAPP Privacy Innovation Award: winning three out of five SC Magazine Enterprise Awards, including Best Security Company; Computerworld's Innovative Technology Award; finalist for the pending Dr. Dobb's Journal Jolt Product Excellence Awards; and "Recommended" rating by Computer Reseller News. For two years in a row, Watchfire has been named by IDC as the worldwide market share leader in web application vulnerability assessment software. Watchfire's partners include IBM Global Services, Fortify, PricewaterhouseCoopers, Sapient, Microsoft, Interwoven, EMC Documentum and Mercury. Watchfire is headquartered in Waltham, MA. For more information, please visit www.watchfire.com.