CNET también está disponible en español.

Ir a español

Don't show this again

New Orleans cyberattack Xbox Series X Baby Yoda on SNL Mac Pro Watch the Geminid meteor shower peak Best Amazon holiday deals

Firms team to win Homeland Security bid

Two companies win a multimillion-dollar contract to create a system for patching security flaws in software used by U.S. agencies, a deal involving the new federal department.

In a deal involving the new Department of Homeland Security, two companies teamed up to win a multimillion-dollar contract to create a system for patching security flaws in software used by U.S. government agencies.

Information-system provider Veridian and security company SecureInfo announced the $10.8 million contract this week. Under the deal, they'll create a Web-based service for the secure dissemination of software patches to network administrators within the federal government. The service, as part of the Federal Computer Incident Response Center, will be managed by the Department of Homeland Security, created by President Bush on Monday.

"FedCIRC has funded (the service) and will provide this tool to the other agencies free of charge," said John Linton, chief operating officer for San Antonio, Texas-based SecureInfo.

As part of the five-year contract, the companies will identify new potential vulnerabilities that affect government systems, verify that patches work as their creators claim and then make the updates available using Web-based software.

SecureInfo will identify potential vulnerabilities by searching for information from software makers, on security mailing lists and in chat rooms. Veridian will verify that the fixes for a particular vulnerability work. The two companies have committed to a 12-hour turnaround for any particular flaw, Linton said.

SecureInfo currently does 90 percent of its business with federal, state and international governments. In August, the company clinched a $103 million contract with the Department of Veteran Affairs to handle the agency's cybersecurity and incident response for the next 10 years.

FedCIRC is expected to be incorporated into the Department of Homeland Security by March 2003.