Veracode Answers Industry Call for Security Insight with Industry's First Software Security Ratings Service.
BURLINGTON, Mass. -- Veracode Inc., provider of the industry's first on-demand application security review solutions, today announces that it has released the industry's first standards-based ratings service for determining security levels in software. The Veracode Software Security Ratings Service™ provides a pragmatic way for enterprises and ISVs to measure, compare and improve application security levels.
Veracode's Software Security Ratings Service is used to assess and identify the severity and exploitability of software flaws. By producing a software security rating, enterprises now are able to gain insight into the security quality of software similar to that provided by Moody's®, Standard and Poor's® or Consumer Reports® for other products.
Today's software industry is one of the largest in the world, with annual revenues of over $350 billion(a), yet there is no standard way to measure software security. The operational risk and burden on enterprises and consumers from insecure software has been steadily growing due to increasing vulnerability disclosures, associated product patches, data breaches leading to massive identity theft and, more recently, fluctuations in corporate stock prices.
Until now, independent software ratings have not been possible due to the sensitivity associated with releasing source code for independent evaluation and the fact that existing evaluation tools are not able to assess 100% of the application code, a pre-requisite for an accurate security assessment. Veracode's innovation with binary security analysis, coupled with its on-demand service model that integrates multiple testing techniques, makes this rating service possible.
"Our breakthrough binary analysis makes it possible for Veracode to assist the software community to raise the level of software security," said Matt Moynahan, president and CEO of Veracode. "Our objective is to drive innovation that makes it easy and cost effective for enterprises and ISVs alike to independently determine whether the software they are buying or selling is secure and demonstrate that they take software security seriously."
Veracode's Software Security Rating Service is based on respected industry standards including MITRE's and NIST's Common Weakness Enumeration (CWE) for classification of software weaknesses and FIRST's Common Vulnerability Scoring System (CVSS) for severity and ease of exploitability. Veracode is the only organization to combine these standards into a meaningful and practical way to assess software security across internally and externally developed applications.
"We are pleased that Veracode, the first organization to declare Common Weakness Enumeration compatibility for CWE Coverage, CWE Output and CWE Searchable, is committed to promoting standards such as CWE," said Steve Christey, technical lead for MITRE's CWE initiative. "Early adopters such as Veracode play an important role in bringing clarity to the application security space for their customers."
Enterprise use cases for the ratings service include implementing software procurement best practices through security thresholds for purchased software, implementing code acceptance security policies for outsourced application development and evaluation of software security risk in M&A transactions.
"The industry needs a way to measure how secure software is, whether that software is purchased, built in house or comes from an outsourced developer," said Diana Kelley, analyst at the Burton Group. "The ability to rate software security levels allows companies to manage risk by determining whether or not the software meets their requirements."
Learn more about Veracode software ratings at: www.veracode.com.
Veracode is the industry's first provider of automated, on-demand application security solutions. Created by a world-class team of application security experts from @stake, Guardent, ISS, VeriSign and Symantec, the company delivers services to identify software flaws introduced through coding errors or malicious intent. Veracode's core service, SecurityReview, uses patented binary code analysis that is uniquely able to inspect entire application inventories, including components, and does not require companies to expose their valuable source code. Enterprises can now protect their intellectual property while preventing attacks allowed by vulnerabilities in applications.
As the most accurate and comprehensive solution, Veracode makes it simple and cost-effective to implement application security best practices and reduce operational costs related to manual reviews. Whether a company is developing applications internally, purchasing software or integrating code from partners, Veracode's SecurityReview provides insight to the security level of your applications. Outsourcing code analysis to Veracode is the easiest way to secure your software. With a pragmatic approach to application security, Veracode helps you fix what matters most to your business.
For more information, please visit www.veracode.com.
(a) Software Magazine, October 2006
Date: Jun 25, 2007