IRS Seeks Security Testing Tool for COBOL Applications

The Internal Revenue Service is seeking sources of software security scanning tools that can help fulfill national security requirements.

The IRS is looking for potential application security testing solutions for source code written in the COBOL programming language, according to a request for information posted on SAM .gov.

The Common Business-Oriented Language was specially designed to make business processes more efficient and secure, according to IBM.

The IRS said that a large portion of its software portfolio is written in COBOL. The agency has about 160 COBOL applications.

According to the agency, its information technology cybersecurity and application development areas need a solution that addresses four major needs: accurate and actionable results, full-code scanning capabilities, automation, and guidance on remedying code weaknesses.

Solutions will be assessed based on their ability to integrate with development processes and industry best practices, including DevSecOps and the continuous integration/continuous deployment pipeline.

DevSecOps is the concept of incorporating security into the DevOps process, which itself is a software development and IT operations philosophy aimed at shortening development time while maintaining high quality.

Interested offerors have until July 8 to submit their capability statements or responses to the RFI. Questions about the sources sought notice will be accepted on or before June 21.

Responses are expected to include information on the vendor’s company type, staff expertise, past experience, qualifications and certifications, among others.

The IRS said its representatives may choose to invite RFI respondents to a 60-minute demonstration of their offering for the sole purpose of clarification.