For more information about Luxoft, visit www.luxoft.com www.luxoft.com/technology/
case study 14.09.2012
Section 508 Compliance Audit for Security Product Suite Summary Perform an independent software audit to assess and ensure compliance to Section 508 (Electronic and Information Technology) of the US Rehabilitation Act.
uu Client: International independent software vendor uu Business Area: Software publishing uu Technology Set: —— 2EE, WebServices, XML/XSD/ XSLT technologies for data handling and modeling —— C#, .NET for MS Visual Studio add-on,Java for Eclipse, and jDeveloper plug-ins —— Spring, Flex and SWT frameworks for features in thick tools and rich clients —— JAWS as screen reader application uu Services Provided: Application evaluation, testing, audit, and upgrade, System Development uu Team size: 9 team members uu Duration: 7 months
Challenge The client, an international independent software vendor (ISV), had recently acquired a suite of security analysis software for the business and government agency markets. In order to market this product to the US government, it had to comply with the standards in Section 508 (Electronic and Information Technology) amendment to the US Rehabilitation Act that requires software used by Federal agencies and departments is accessible to people with disabilities. The security analysis software suite had to comply with the following technical standards in Section 508: ยง 1194.21 Software applications and operating systems must be usable for people with vision impairment. Usability requirements include alternative keyboard navigation features and provisions for animation, color and contrast settings, electronic forms, and ash rate. ยง 1194.22 Web-based intranet and internet information and applications must be accessible to people with vision impairment that use assistive devices, such as screen readers, to access information on the web.
Solution The Security Assurance suite is a set of tightly integrated tools that identify, prioritize, and fix security vulnerabilities in software. The suite includes a wide range of tools that include ensure application security in thick clients, plugins and add-ins, web-based tools, and server products. Luxoft evaluated and upgraded seven applications in the Security Assurance software suite for Section 508 compliance by developing and executing specialized test cases for audit, implementing changes for compliance, and performing the nal testing and audit for client acceptance. In the first audit, Luxoft identified more than 1,200 Section 508 vulnerabilities.
Luxoft - Case Study
02
Benefits The client realized the following benefits from Luxoft’s software audit and compliance upgrade: uu The Security Assurance product is in compliance with US government uu Standards and is available to sell to the large US government market uu Artifacts provided by Luxoft: —— Generic Section 508 Test Cases —— JAWS conguration tips and tricks —— Best practice knowledge base for development teams —— Problems and solutions in knowledge base for development teams —— Guidelines for teams to adapt development to the Section 508 standards
Customer Feedback Detailed feedback is available on request.
Luxoft - Case Study
03
About luxoft
Luxoft, a principal subsidiary of IBS Group, is a provider of advanced application and software engineering outsourcing services for global and regional enterprises. Luxoft builds partnerships with its clients, such as Boeing, IBM, Deutsche Bank, UBS, Harman, Avaya, Alstom, and Sabre, based on the culture of engineering excellence, innovation, and deep domain expertise. Luxoft offers international delivery capability through its network of state-of-the-art delivery centers in North America, Eastern Europe, and Asia. Luxoft`s customers benefit from the right mix of technology skills, industry knowledge, proprietary processes and methodologies, and a choice of engagement models. For more information about Luxoft, visit www.luxoft.com www.luxoft.com/technology/ Š 2012 Luxoft