For Immediate Release

SKYBOX SECURITY RECOGNIZED FOR CVE COMPATIBILITY

First Security Risk Management Solution to be Awarded with Important Industry Certification at MIS Technology Institute's InfoSec World Conference and Exposition

PALO ALTO, CA - April 6, 2005 - Skybox ® Security, Inc., the leader in Security Risk Management (SRM), announced today that it has been formally recognized for Common Vulnerabilities and Exposures (CVE ®) compatibility for its enterprise software solution, Skybox View. The award, presented to Skybox at the MIS Technology Institute's InfoSec World Conference and Exposition, recognizes products that have incorporated MITRE Corporation's CVE standard names for security vulnerabilities and exposures to foster information sharing across security solutions. Skybox was one of ten companies receiving certification.

"Skybox has demonstrated its commitment to providing its customers with a comprehensive security risk management solution by meeting strict CVE compatibility evaluation requirements. Skybox View is fully CVE-compatible, bringing enterprises using Skybox View the ability to cross-share important vulnerability information," said Robert A. Martin, MITRE CVE Compatibility Lead. Certificates of Compatibility were presented by Jerry Dixon, the Deputy Director of the National Cyber Security Division, U.S. Computer Emergency Readiness Team (CERT) at the Department of Homeland Security.

CVE is a list or dictionary that provides common names for publicly known information security vulnerabilities and exposures, facilitating the exchange of vulnerability information across separate databases and tools in a vendor-independent manner. CVE-compatible products provide organizations with better coverage, easier interoperability and enhanced security. CVE is also endorsed by leading representatives from the information security community.

"Skybox Security is proud to be the first security risk management solution to be awarded CVE compatibility, as well as one the select few who have achieved the final phase of MITRE's formal CVE Compatibility Process," said Gidi Cohen, chief strategy officer for Skybox Security. "Skybox is actively committed to industry standards. With over 200 products and services declared CVE-compatible, the CVE Initiative is an important and influential community working toward the common purpose of better security."

About The Common Vulnerabilities and Exposures (CVE) Initiative

In 1999, MITRE created CVE to act as a bridge between different information security tools and services.  The CVE Editorial Board includes numerous information security-related organizations including commercial security tool vendors, members of academia, research institutions, government agencies, and other prominent security experts that work together to foster the integration and direction of CVE. The CVE Initiative is funded by the U.S. Department of Homeland Security.

About The MITRE Corporation

About Skybox Security

Skybox® Security, Inc. is the leader of next-generation Security Risk Management (SRM) solutions. The company's flagship product, Skybox® View, is the first enterprise software platform that raises vulnerability assessment, threat analysis, remediation planning and change management to the business risk level where it belongs. By combining business impact analysis and simulation with vulnerability data and network modeling, enterprises can continuously maintain risk-resilient networks, reduce regulatory compliance exposures, and shrink the window of exposure from months to hours.

With Skybox View security professionals can take a disciplined approach to measure business risk exposure, understand effectiveness of remediation alternatives, justify mitigation efforts (ROI), and minimize damage from attacks while lowering operating cost. By enhancing current best practices and internal controls with automated risk management analysis, security, network and business units can work more effectively as a team. Skybox solutions have been successfully deployed at highly respected Global 2000 companies worldwide.

Founded in 2002 the company is headquartered in Palo Alto, California and is backed by Benchmark Capital, Lightspeed Venture Partners, Carmel Ventures, and Mofet Technology Fund. For more information contact (650) 565-8060 or http://www.skyboxsecurity.com.

About Skybox View

Skybox® View automates labor-intensive risk assessment and remediation planning processes. Skybox View helps enterprises continuously collect, identify visualize and understand the total risk exposure of digital assets and proactively prioritize and optimize the mitigation steps necessary to prevent internal and external attacks. It represents the missing piece for assessing, evaluating and mitigating pre-attack exposures, taking network information and business impact into account. Unique patented modeling and attack simulation technologies generate a virtual map of business asset exposures, distilling thousands of vulnerabilities down to the one to two percent that really matter. "What if" planning analysis puts security, network and business teams on the same page, empowering IT organizations to balance the cost and benefit of proposed remediation, network changes or patches before deployment. Open collection architecture leverages existing and future investments in firewall, router, network and vulnerability scanner technologies.

Contact:
Vanessa Miali
Kesselring Communications, LLC
vanessa@kesselring.net
503.380.1884