Citadel CTO Carl Banzhof Appointed to MITRE OVAL — Open Vulnerability Assessment Language — Board

Business Wire, Dec 10, 2002

Business Editors/High-Tech Writers

DALLAS--(BUSINESS WIRE)--Dec. 10, 2002

Industry Veteran Joins IT Security Leaders to Standardize

Vulnerability Assessment for Accelerated Remediation

Citadel Security Software, Inc. (OTCBB:CDSS), a leader in automated vulnerability remediation, announced today that CTO Carl Banzhof has been appointed to the OVAL (Open Vulnerability Assessment Language) Board. Banzhof joins security veterans from industry leaders including Symantec, Internet Security Systems, Network Associates, SANS Institute, CERT/CC(R) and Harris. The goal for the board is to establish a baseline method for performing vulnerability assessments along with standardizing the process of identifying and naming vulnerabilities. MITRE (www.mitre.org) is a not-for-profit national resource that provides systems engineering, research and development, and information technology support to the government.

"We are delighted to have Carl Banzhof join the other IT security experts on the OVAL Board," said Matthew Wojcik, Senior Information Security Engineer, The MITRE Corporation. "His deep understanding of security vulnerability remediation will greatly benefit the Board's efforts to simplify vulnerability identification. As automated vulnerability remediation gains adoption in the enterprise, it will be critical that assessment tools support the OVAL standard."

Automated Vulnerability Remediation (AVR) enables IT managers to quickly and effectively resolve the backlog of vulnerabilities identified by assessment tools, providing an efficient and economical answer to an ongoing costly problem. Vulnerability remediation is not limited to installing patches--it encompasses the entire scope of IT vulnerabilities, including software defects, insecure user accounts, unnecessary services and misconfigurations.

"I am pleased to be selected to participate in the OVAL project which will allow Citadel to apply resources to help pioneer the future of vulnerability assessment and remediation through consolidated research and heuristic capabilities," said Carl Banzhof, Chief Technology Officer, Citadel. "This driving consortium will forever change the landscape of the market and provide users with additional capabilities that seek to refine the science of vulnerability assessment and remediation."

In his 17 years in the security industry, Carl Banzhof has been responsible for the architecture and development of multiple award-winning security products. He and his development team are also credited with the innovation behind Hercules, Citadel's automated vulnerability remediation solution.

OVAL builds upon Common Vulnerabilities and Exposures (CVE), a dictionary of standardized names and descriptions for publicly known information security vulnerabilities and exposures, developed by MITRE in cooperation with the international security community. The OVAL effort was initiated by MITRE, and involves representatives from a broad spectrum of industry, academia, and government organizations, including operating system and security tool vendors.

About Citadel

Citadel Security Software, Inc. (OTCBB:CDSS) develops, markets and licenses computer security and privacy software for one of the fastest growing software industry segments today -- security inside the firewall. Citadel's Winshield(R) SecurePC(TM) and NetOFF(TM) products enable companies to enforce security policies from a single point of control. Citadel's Hercules remediates vulnerabilities from the five classes of security vulnerabilities: insecure accounts, unnecessary services, misconfigurations, back doors and software defects. Hercules' open architecture design allows the import and aggregation of assessment data from many sources. Hercules is interoperable with industry leading vulnerability assessment tools, allowing customers to address the real world issues of vulnerability assessment and remediation. Citadel's products also address the initiatives of the President's National Strategy to Secure Cyberspace and the mandates of HIPAA and Gramm-Leach-Bliley legislation for the healthcare and financial industries. Further information about Citadel Security Software and its products can be accessed at its website, www.citadel.com.

Safe Harbor/Forward-looking Statements:

Except for the historical information contained herein, this news release contains forward looking statements that are subject to risks and uncertainties, including lack of Citadel operating history, uncertainty of product acceptance, uncertainty to compete effectively in a new market category and the uncertainty of profitability and cash flow of Citadel. These risks and uncertainties may cause actual outcomes and results to differ materially from expectations in this press release.These and other risks are detailed from time to time in CT Holdings' and Citadel's SEC reports, including CT's report on Form 1O-KSB for the year ended December 31, 2001 and most recent Form 10-QSBs, as well as Citadel's Registration Statement on Form 10-SB and amendments and most recent Form 10-QSBs.