Case study section 508 compliance audit luxoft for international independent software vendor
For more information about Luxoft, visitwww.luxoft.comwww.luxoft.com/technology/case studySection 508 Compliance Auditfor Security Product Suite14.09.2012uu Client: International independent software vendoruu Business Area: Software publishinguu Technology Set:—— 2EE, WebServices, XML/XSD/ XSLT technologies for data handling andmodeling—— C#, .NET for MS Visual Studio add-on,Java for Eclipse, and jDeveloperplug-ins—— Spring, Flex and SWT frameworks for features in thick tools and richclients—— JAWS as screen reader applicationuu Services Provided: Application evaluation, testing, audit, andupgrade, System Developmentuu Team size: 9 team membersuu Duration: 7 monthsSummaryPerform an independent software audit to assess and ensure compliance toSection 508 (Electronic and Information Technology) of the US Rehabilitation Act.
ChallengeSolutionThe client, an international independent software vendor (ISV), had recentlyacquired a suite of security analysis software for the business and governmentagency markets. In order to market this product to the US government, it had tocomply with the standards in Section 508 (Electronic and Information Technology)amendment to the US Rehabilitation Act that requires software used by Federalagencies and departments is accessible to people with disabilities. The securityanalysis software suite had to comply with the following technical standards inSection 508:§ 1194.21 Software applications and operating systems must be usable forpeople with vision impairment. Usability requirements include alternativekeyboard navigation features and provisions for animation, color and contrastsettings, electronic forms, and ash rate.§ 1194.22 Web-based intranet and internet information and applications mustbe accessible to people with vision impairment that use assistive devices, such asscreen readers, to access information on the web.The Security Assurance suite is a set of tightly integrated tools that identify,prioritize, and fix security vulnerabilities in software. The suite includes a widerange of tools that include ensure application security in thick clients, plug-ins and add-ins, web-based tools, and server products. Luxoft evaluated andupgraded seven applications in the Security Assurance software suite for Section508 compliance by developing and executing specialized test cases for audit,implementing changes for compliance, and performing the nal testing and auditfor client acceptance. In the first audit, Luxoft identified more than 1,200 Section508 vulnerabilities.02Luxoft - Case Study
BenefitsCustomer FeedbackThe client realized the following benefits from Luxoft’s software audit andcompliance upgrade:uu The Security Assurance product is in compliance with US governmentuu Standards and is available to sell to the large US government marketuu Artifacts provided by Luxoft:—— Generic Section 508 Test Cases—— JAWS conguration tips and tricks—— Best practice knowledge base for development teams—— Problems and solutions in knowledge base for development teams—— Guidelines for teams to adapt development to the Section 508 standardsDetailed feedback is available on request.03Luxoft - Case Study