SOURCE: Citadel Security Software

September 15, 2005 07:00 ET

Citadel Security Software Announces Industry's First Warranty for Security Software Performance

DALLAS, TX -- (MARKET WIRE) -- September 15, 2005 -- Citadel Security Software Inc. (NASDAQ: CDSS)

--  Industry Leader Offers Enhanced Economic Protection from the Threat of
    Cyber Attacks
--  Conference Call to Discuss the Announcement on Thursday, September 15,
    2005 at 10:00 a.m. Eastern Time
    
Citadel Security Software Inc. (NASDAQ: CDSS), a leader in enterprise vulnerability management and policy enforcement solutions, today announced the availability of Hercules SecurePlus™, the industry's first security software performance warranty. Based on Citadel's ability to deliver timely, accurate, and effective remedies for computer system vulnerabilities, the SecurePlus warranty gives unprecedented financial protection to Hercules customers and is intended to promote the adoption of proactive risk management strategies and security policy compliance to protect the nation's critical computer networks from cyber attack. To make Hercules SecurePlus available, Citadel collaborated with AIG Product Development, General Insurance, a pioneer in the fast-growing cyber security insurance market. A conference call to discuss this announcement will be held today at 10:00 a.m. Eastern Time. Dial-in information is provided below.

"I applaud this innovative collaboration as evidence of the private sector's ability to respond to issues of national and economic security without mandates from the government," said U.S. Senator John Cornyn (R-Texas). "This is a creative solution to the cyber security problem and signals a new direction in the willingness of software makers to guarantee the performance of their products."

Current legislative and statutory requirements such as Gramm-Leach-Bliley, HIPAA, the Fair Credit Reporting Act, and Sarbanes-Oxley, as well as the potential of a national breach notification law, are driving new strategies that integrate IT security operations into the risk management and business processes of commercial, as well as government, academic, and non-profit organizations. Additionally, the recent spate of identity theft incidents demonstrates the serious lack of investment in computer infrastructure protection. By delivering a performance warranty for its Hercules product, Citadel has provided an extra level of economic incentive to urge organizations to take a proactive and comprehensive approach to risk management and security policy compliance.

"Citadel's management team shares our commitment to providing sound risk reduction tools and strategies," stated Ty R. Sagalow, President, AIG Product Development, General Insurance.

"This collaboration is an important first for the maturing security industry. Citadel is guaranteeing security content updates within 24 hours so customers can protect themselves against emerging threats and vulnerabilities in software. Citadel's Hercules is the first example of a security product with a performance guarantee, providing what amounts to a warranty for vulnerability management," said Phebe Waterfield, Senior Analyst, Yankee Group.

About Hercules SecurePlus Warranty

Citadel's SecurePlus warrants the performance of the Hercules product to deliver timely, accurate, and effective remedies for known vulnerabilities aligned with the Service Level Objectives (SLOs) provided in Citadel's standard support agreement. For example, Citadel's Remediation Security Group (RSG) typically develops and issues remedies and associated security content for supported platforms and applications within 24 hours of discovering High Severity vulnerabilities classified as critical risk, within 72 hours for Medium Severity vulnerabilities classified as moderate risk, and as time allows for Low Severity vulnerabilities, classified as low risk.

If an organization's computer network is attacked due to Citadel's inability to meet its SLOs, then the warranty will reimburse customers for eligible information asset loss or the cost of restoring their lost data -- up to the amount of their Hercules contract.

"In offering this innovative product performance warranty, Citadel is sending a powerful message to our customers and to the software market at large," said Steve Solomon, CEO of Citadel Security Software. "Our private and public sector customers recognize they have a responsibility to protect their computer systems from cyber attack. At the same time, software manufacturers also have a responsibility to ensure their products perform as promised. Citadel is willing to put our money where our mouth is, going above and beyond to guarantee the performance of our Hercules technology. Our customers deserve this kind of commitment and our nation as a whole will benefit from better protected computer networks."

"The cyber security challenge grows more serious every day and organizations need to mitigate the risks associated with computer vulnerabilities. Market based solutions such as cyber security insurance may provide economic incentive to spur organizations to adopt technologies that can protect IT infrastructures from inside and outside threat," stated Amrit Williams, Research Director, Gartner, Inc.

The SecurePlus warranty is embedded in the Hercules product offering effective immediately, subject to the terms and conditions of the warranty, and is valid through the first year of the license. There is no additional cost to the customer.

Mr. Steve Solomon will host a conference call to discuss this announcement at 10:00 a.m. Eastern Time today. Interested participants may call (866) 543-6403 when calling within the United States or (617) 213-8896 when calling internationally. Please reference Conference I.D. Number 87771753. For information about Hercules SecurePlus, visit www.citadel.com/hercules_secureplus.asp.

About Citadel Hercules

With its award-winning Hercules Security Compliance and Vulnerability Remediation software solutions, Citadel helps protect an organization's network against all five classes of vulnerabilities -- software defects or patches, unsecured accounts, unnecessary services, mis-configurations, and backdoors -- across a multi-platform, multi-device environment. Hercules is widely recognized as the only vulnerability remediation solution in the marketplace that has been certified as Common Criteria EAL Level 3, recognized by the National Information Assurance Partnership (NIAP) and has been selected for inclusion in the initial release of the National Institute for Standards and Technology (NIST) Security Configuration Checklist for IT Products in the vulnerability management category. By automating vulnerability remediation and policy enforcement processes, Citadel's customers, including the U.S. Department of Defense, U.S. Department of Veterans Affairs, MCI and AutoZone, have a more effective approach to protecting sensitive data and enforcing security policies across their network.

About Citadel

Citadel Security Software (NASDAQ: CDSS) delivers security solutions that enable organizations to manage risk, reduce threats and enforce compliance with security policies and regulations. Citadel's proven architecture provides a business process to manage the increasing volume, frequency, and complexity of cyber security attacks. Citadel combines the world's largest active library of remediations spanning all classes of vulnerabilities with a proven delivery methodology to dramatically streamline vulnerability management and security compliance and provide ROI from the first use. Citadel solutions are used across the Department of Defense, at the Veterans Administration, and within other government and commercial organizations. For more information on Citadel, visit www.citadel.com, or call 888-8CITADEL.

Safe Harbor/Forward-looking Statements:

This press release may contain forward-looking statements that are intended to be subject to the safe harbor protection provided by Section 27A of the Securities Act of 1933 and Section 21E of the Securities Exchange Act of 1934. These statements relate to future events or future financial performance and involve known and unknown risks and uncertainties that may cause actual results or performance to be materially different from those indicated by any forward-looking statements. In some cases, you can identify forward-looking statements by terminology such as "forecast," "may," "will," "could," "should," "anticipate," "expect," "plan," "believe," "potential" or other similar words indicating future events or contingencies. Some of the things that could cause actual results to differ from expectations are: the economic and geopolitical environment; changes in the information technology spending trends; the uncertainty of funding of government and corporate information technology security projects; the variability of the product sales cycle, including longer sales cycles for government and large commercial contracts; the uncertainty that the company's prospective deals will result in final contracts; the potential changes in the buying decision makers during a customer purchasing cycle; the complexities in scope and timing for finalization of contracts; the fluctuations in product delivery schedules; a lack of Citadel operating history; uncertainty of product development and acceptance; uncertainty of ability to compete effectively in a new market; the uncertainty of profitability and cash flow of Citadel; intellectual property rights and dependence on key personnel; economic conditions; the continued impact of terrorist attacks, global instability and potential U.S. military involvement; the competitive environment and other trends in the company's industry; the effects of inflation; changes in laws and regulations; changes in the company's business plans, including shifts to new pricing models that may cause delays in licenses; interest rates and the availability of financing; liability, legal and other claims asserted against the company; labor disputes; the company's ability to attract and retain qualified personnel; and uncertainties related to the launch of the warranty program, including but not limited to potential claims and the ongoing relationship with AIG, the possibility that AIG will be unable or unwilling to perform on the insurance policies issued or cancel the agreement with Citadel; and possible losses to Citadel if Citadel is required to reimburse AIG under the insurance policies. For a discussion of these and other risk factors, see the company's Annual Report on Form 10-KSB for the year ended December 31, 2004 and the company's Quarterly Report on Form 10-Q for the quarter ended June 30, 2005. All of the forward-looking statements are qualified in their entirety by reference to the risk factors discussed therein. These risk factors may not be exhaustive. The company operates in a continually changing business environment, and new risk factors emerge from time to time. Management cannot predict such new risk factors, nor can it assess the impact, if any, of such new risk factors on the company's business or events described in any forward-looking statements. The company disclaims any obligation to publicly update or revise any forward-looking statements after the date of this report to conform them to actual results.

Editors Note: Citadel and SecurePlus are trademarks and Hercules® is a registered trademark of Citadel Security Software.

Contact Information