Information-system provider Veridian and security company SecureInfo announced the $10.8 million contract this week. Under the deal, they'll create a Web-based service for the secure dissemination of software patches to network administrators within the federal government. The service, as part of the Federal Computer Incident Response Center, will be managed by the Department of Homeland Security,on Monday.
"FedCIRC has funded (the service) and will provide this tool to the other agencies free of charge," said John Linton, chief operating officer for San Antonio, Texas-based SecureInfo.
As part of the five-year contract, the companies will identify new potential vulnerabilities that affect government systems, verify that patches work as their creators claim and then make the updates available using Web-based software.
SecureInfo will identify potential vulnerabilities by searching for information from software makers, on security mailing lists and in chat rooms. Veridian will verify that the fixes for a particular vulnerability work. The two companies have committed to a 12-hour turnaround for any particular flaw, Linton said.
SecureInfo currently does 90 percent of its business with federal, state and international governments. In August, the company clinched a $103 million contract with the Department of Veteran Affairs to handle the agency's cybersecurity and incident response for the next 10 years.
FedCIRC is expected to be incorporated into the Department of Homeland Security by March 2003.