Date: 08/08/2024
Vendor: Rocket Software
Technology/Topic: Rocket zAssure Vulnerability Assessment Program (zAssure VAP)
URL: https://www.rocketsoftware.com
TEM Video (milTube): https://www.milsuite.mil/video/watch/video/70813
______________________________________________
Welcome to the Technical Exchange Meeting (TEM)!
Topic: Keeping zOS Secure into the Future
zAssure VAP is a unique vulnerability assessment solution designed to conduct automated, comprehensive binary-code scanning to identify vulnerabilities at the operating system level. The solution scans code in memory using proprietary algorithms to discover vulnerabilities with a high accuracy rate of 99.9%. These vulnerabilities are not tracked in the National Vulnerability Database. Mainframe vendors, including IBM, do not publish integrity vulnerabilities. In most cases, mainframe software vulnerability patches are posted in proprietary databases that customers need to log in to access. Vulnerabilities are evaluated and ranked in a standardized and repeatable way using the Common Vulnerability Scoring System (CVSS), which reports the severity of each vulnerability on a scale from 0 to 10. A vulnerability with a score of 0 is less significant than the highest-severity vulnerability, which has a score of 10. This classification enables prioritization of remediation based on the organization’s risk management requirements.
This scanning solution provides you with the ability to selectively scan the operating system and other vendor software authorized to run at the operating system level. Output from VAP scans is used to create a Vulnerability Detail Report (VDR). These reports provide the CVSS score for each vulnerability as well as the exact offset in identified programs where the vulnerability is located. This detail helps reduce the time it takes to develop a patch for the vulnerabilities found. Executing a second scan after the patch has been applied determines whether or not the fix resolved the vulnerability.
______________________________________________
To join the DISA TEM mailing list, please contact: disa.tem@mail.mil
______________________________________________
Disclaimer:
— TEMs do not serve as a marketing venue or request for proposal actions.
— TEMs shall not be interpreted as a commitment by the Government to issue a solicitation or ultimately award a contract.
— TEMs do not serve as an endorsement of any presented technologies or capabilities.
— Presentations will not be considered as proposals nor will any awards be made as a result of a TEM session.
— TEMs are public open forums – no proprietary or sensitive information should be presented during TEM sessions. Only publicly facing content is permissible in DISA TEM sessions.