Citadel Security Software Partners With Qualys to Provide an Automated Vulnerability Remediation Solution

Dallas, Texas — June 12, 2002 — Citadel Security Software Inc. (OTCBB: CDSS), today announced a marketing and technology agreement with Qualys™, a leader in Managed Vulnerability Assessment, that enables customers to automatically verify the remediation of vulnerabilities on their corporate networks. The combined solutions will initiate an automatic vulnerability audit after each Hercules remediation cycle to validate the elimination of vulnerabilities on a company’s network. The two companies will co- market and recommend each other’s solutions. Citadel will begin shipping Hercules that offers the remediation of QualysGuard during the third quarter of 2002.

Under the terms of the agreement, Hercules, the security industry’s foremost automated vulnerability remediation system, will automatically remediate the vulnerabilities detected by QualysGuard scans. After the remediation cycle is complete, Hercules will trigger QualysGuard to automatically launch a differential scan, verifying the completion of the process and demonstrating that the network is secure.

“This combination offers a complete solution to customers, providing them with the ability to automatically detect and repair network vulnerabilities, and then automatically verify that those vulnerabilities have been eliminated, without the burdens and attendant costs of the typical manual process,” said Steven Solomon, President and CEO of Citadel Security Software. “We expect that this partnership will enable both Citadel’s and Qualys’ customers to realize significant savings and reduce their windows of exposure.”

Qualys’ Web-based platform enables companies—from small business to Global 2000—to proactively protect their corporate data assets with continuous, automated audits for network vulnerabilities. QualysGuard employs advanced vulnerability detection techniques to assess a network’s security exposures and suggest remedies before intruders can take advantage of them. Referencing the industry’s largest and most up-to-date vulnerability KnowledgeBase, QualysGuard provides comprehensive, on- demand security audits that identify, analyze, and report network security threats. Hercules utilizes the intelligence from Qualys’ vulnerability assessments to automatically repair detected vulnerabilities and verify their elimination.

“Automation of the full cycle of vulnerability assessment—from identification and prioritization, to remediation and verification—is becoming a requirement for companies that are trying to stay ahead of increasingly automated threats from network intruders,” said Philippe Courtot, President and CEO of Qualys. “Offering a combination of QualysGuard and Hercules will reduce network managers’ time and expenditures as well as increase automation and functionality to the process of network security.”

About Citadel Software, Inc.
Citadel Security Software, Inc. (OTCBB:CDSS) develops, markets and licenses computer security and privacy software for one of the fastest growing software industry segments today – security inside the firewall. Citadel’s products enable companies to enforce security policies from a single point of control across all Windows and NetWare platforms. These products remediate vulnerabilities and secure confidential information, applications and systems from the five classes of security vulnerabilities: software bugs, unnecessary services, unsecure accounts, back doors and mis-configurations. Hercules open architecture design allows the import and aggregation of assessment data from many sources. Citadel is poised to work with industry leading vulnerability assessment vendors to address the real world issues of vulnerability assessment and remediation, and become the industry standard for vulnerabiltiy remediation. The products specifically address the mandates of HIPAA and Gramm-Leach-Bliley legislation for the health care and financial industries. Citadel’s clients include IBM Global Services, Merrill Lynch, the U.S. Navy and several large health care companies.

Further information about Citadel Security Software and its products can be accessed at its website, www.citadel.com.

About Qualys

With more than 2,000 subscribers ranging from small businesses to multinational corporations, Qualys has become the leader in on demand vulnerability management and policy compliance. The company allows security managers to strengthen the security of their networks effectively, conduct automated security audits and ensure compliance with internal policies and external regulations. Qualys’ on demand technology offers customers significant economic advantages, requiring no capital outlay or infrastructure to deploy and manage. Its distributed scanning capabilities and unprecedented scalability make it ideal for large, distributed organisations. Hundreds of large companies have deployed Qualys on a global scale, including AXA, DuPont, Hershey Foods, ICI Ltd, Novartis, Sodexho, Standard Chartered Bank and many others. Qualys is headquartered in Redwood City, California, with European offices in France, Germany and the U.K., and Asian representatives in Japan, Singapore, Australia, Korea and the Republic of China. For more information, please visit www.qualys.com.

Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.

Media Contact:
Tami Casey
Qualys
media@qualys.com