May 12, 2005

Mr. Craig Wilson
Senior Assistant Chief Accountant
Division of Corporate Finance
Securities and Exchange Commission
450 Fifth Street, N.W., Mail Stop 4-06
Washington, D.C.  20549

     Re:  Citadel Security Software, Inc. (File No. 000-33491)
          Form 10-K for the year ended December 31, 2004
          Filed March 31, 2005

Dear Mr. Wilson:

     I am writing on behalf of Citadel Security Software, Inc. ("CITADEL" or the
"COMPANY")  in  reference to the staff's letter dated May 5, 2005 (the "LETTER")
concerning  the  above  captioned  Form  10-K.  The  Company's  responses to the
staff's  comments  in the Letter are set forth below.  For your convenience, the
staff's  comments  have  been  reproduced  immediately  preceding  the Company's
responses.

FORM 10-K FOR THE YEAR ENDED DECEMBER 31, 2004
----------------------------------------------


     1.    We note that  you  defer  revenue  in  certain transactions with
     government  contractors  until  the  contractor  has  received  the
     authorization  to  deploy the products to the end user agency. Clarify
     for  us what you mean by stating that you defer revenue "when aware of
     these  circumstances."  Explain  to  us the controls and procedures in
     place  that  ensure  any  such  circumstances  are  known  prior  to
     recognizing  revenue  and indicate whether any such circumstances have
     become  known  subsequent  to  revenue  recognition.

     In  connection  with  considering the criteria for revenue recognition, the
Company determines whether the government contractor or systems integrator (each
a  "CONTRACTOR")  has  received  authorization  to  deploy  our  products.  This
determination  is based on a review of the terms and conditions of the Company's
contract  with  the  Contractor  and considers various factors, including, among
other  things,  whether  delivery  will  be made directly to the end user or the
Contractor,  the existence of acceptance criteria by the end user, contingencies
relating  to  payment  terms,  and  express rights of return.  If the product is
delivered  to  the  Contractor, the


<PAGE>
Securities and Exchange Commission
May 12, 2005
Page 2


Company requests that the Contractor provide confirmation of delivery to the end
user  agency.  If  product  is  delivered  directly  to the end user agency, the
Company  uses  this  delivery  date  as  the  date  of  deployment.

     In  some  circumstances,  the Company may not be aware of when a Contractor
receives authorization to deliver and deploy a product. This situation may arise
because the terms and conditions of the Contractor's agreement with the end user
agency  may  be different than the Company's contract with the Contractor or may
not  be  available  to the Company for various reasons (e.g., security clearance
requirements).  When  the  Company  is  aware  of these circumstances (i.e., the
Contractor  cannot  confirm delivery to the end user agency), the Company defers
revenue until it receives (i) confirmation that the Contractor has delivered the
product  to  the  end  user  agency  or  (ii)  payment.

     In addition, explain how your revenue recognition policies comply with
     paragraph  33  of  SOP  97-2  in  arrangements  involving governmental
     agencies.

     The  Company is sometimes subject to fiscal funding clauses in its software
licensing  transactions  with  the federal, state and local government agencies.
Such  clauses  typically  provide  that the license is cancelable if the funding
authority  does  not appropriate the funds necessary for the governmental entity
to  fulfill  its  obligations  under  the  licensing  arrangement.  Because  the
governmental  procurement  process  for  our products and services tends to be a
lengthy  process,  the  Company  usually  has  information  as  to  whether  the
governmental  entity  has  appropriated  funds to license the Company's software
products.  In addition, the Company evaluates the circumstances of the licensing
arrangement,  payment  terms,  any  express  or  implicit  refund  rights,  any
acceptance  criteria  and  any  other  contingencies  to  determine  whether the
possibility  of  a  cancellation  is a remote contingency.  If the likelihood of
cancellation  is  believed to be remote, then the software licensing arrangement
is  considered non-cancelable, and the Company recognizes the revenue related to
the  software  licensing  when  all other revenue recognition criteria have been
met.  If the likelihood of cancellation is other than remote, the Company defers
the  revenue until payment is received, any refund rights and contingencies have
expired  and  all  other  revenue  recognition  criteria  have  been  met.

     The  Company  acknowledges  that (i) it is responsible for the adequacy and
accuracy  of the disclosure in the filing; (ii) the staff comments or changes to
disclosure  in  response  to staff comments do not foreclose the Commission from
taking  any action with respect to the filing; and (iii) it may not assert staff
comments  as  a  defense in any proceeding initiated by the Commission under the
federal  securities  laws  of  the  United  States.


<PAGE>
Securities and Exchange Commission
May 12, 2005
Page 3


     The Company appreciates the opportunity to respond to the staff's comments.
Please  let  me  know if you have any additional questions or require additional
information.

Sincerely,


/s/ RICHARD CONNELLY
Richard Connelly
Chief Financial Officer
Citadel Security Software Inc.
Two Lincoln Centre
5420 LBJ Freeway, Suite 1600
Dallas, Texas 75240
(214) 520-9292

RC/vlc