Citadel Security Software’s Hercules Technology Undergoes Common Criteria Upgrade to Level 3

Hercules Only Vulnerability Remediation Tool Registered to Undergo Common Criteria Evaluation Assurance Level (EAL) 3

DALLAS, TX -August 26, 2003-Citadel Security Software Inc. (OTCBB:CDSS), a leader in automated vulnerability remediation (AVR) and policy compliance solutions, announced today that its patent-pending AVR solution Hercules® will undergo Common Criteria (CC) certification to upgrade its status from Evaluation Assurance Level (EAL) 2 to EAL 3. This stringent security evaluation will be conducted by EWA-Canada, an independent laboratory that is accredited to the requirements of the ISO 15408 Common Criteria Standard for IT Security Evaluation. By achieving this certification, Hercules will be in compliance with the one of the highest government standards worldwide, making it the only vulnerability remediation tool approved under CC EAL 3 for federal agency purchase.

Through the achievement of EAL 3, Citadel’s Hercules will meet the needs of more sophisticated customers, including the Department of Defense, government lettered agencies and security conscious commercial enterprises, which are only permitted to purchase security products that receive the maximum assurance from Common Criteria guidelines. Following a successful evaluation conducted by EWA-Canada, Hercules will be added to the internationally recognized Centralized Certified Product List. The EAL 3 registration number for Hercules is 383-4-18.

“By dedicating resources to achieve Common Criteria EAL 3, Citadel has once again proven its commitment to federal agencies that require the highest level of security,” said Steve Solomon, CEO of Citadel Security Software. “Developed by national security coordinators worldwide, Common Criteria validates for both government and enterprise users that Hercules is a trusted vulnerability remediation solution.”

Citadel’s Hercules is the first vulnerability remediation solution to automate the resolution of all five classes of vulnerabilities, including software defects, mis-configurations, unsecured user accounts, unnecessary services and backdoors. With the largest library of remediation signatures across Windows, Sun Solaris and Linux Red Hat platforms and interoperability with industry leading network scanners and vulnerability assessment tools, Hercules allows users to import and aggregate data from multiple sources, review, approve and customize resolutions, and systematically deploy vulnerability fixes. Hercules interoperates with ISS, Harris, Nessus, Qualys and eEye scanners, vulnerability assessment tools from Foundstone and Vigilante, and will support application vulnerability scanners from SPI Dynamics within the year.

About Citadel
Recently cited by the Dallas Business Journal as the 7th fastest growing public company in DFW, Citadel Security Software, Inc., a leader in automated vulnerability remediation and policy enforcement solutions, helps enterprises effectively neutralize security vulnerabilities. Citadel’s patent-pending Hercules® technology provides users with full control over the automated remediation process, enabling efficient aggregation, prioritization and resolution of vulnerabilities detected by industry-standard vulnerability assessment tools. Winshield® SecurePCâ„? and NetOFFâ„? products enable companies to enforce security policies from a single point of control. Citadel’s solutions enable organizations to ensure the confidentiality of information, reduce the time and costs associated with the inefficient manual remediation process, and facilitate compliance with organizational security policies and government mandates such as HIPAA and Gramm-Leach-Bliley legislation. For more information on Citadel, visit www.citadel.com, or contact the company at (214) 520-9292.

Except for the historical information contained herein, this press release contains forward looking statements that are subject to risks and uncertainties, including the current economic and geopolitical environment, information technology spending trends, lack of Citadel operating history, uncertainty of product acceptance, uncertainty of ability to compete effectively in a new market and the uncertainty of profitability and cash flow of Citadel. These risks and uncertainties may cause actual outcomes and results to differ materially from expectations in this presentation. These and other risks are detailed in Citadel’s current report on Form 10-QSB for the quarter ended March 31, 2003 and on Form 10-KSB for the year ended December 31, 2002. Editors Note: Citadel is a trademark and Hercules is a registered trademark of Citadel Security Software.