Veracode Answers Industry Call for Security Insight with Industry's First Software Security Ratings Service.
- With software attacks on the rise, Veracode leverages its breakthrough binary security analysis capability and unveils ratings service to educate enterprises and independent software vendors on software security levels -
BURLINGTON, Mass. -- Veracode Inc., provider of the industry's first on-demand application security review solutions, today announces that it has released the industry's first standards-based ratings service for determining security levels in software. The Veracode Software Security Ratings Service(TM) provides a pragmatic way for enterprises and ISVs to measure, compare and improve application security levels.
Veracode's Software Security Ratings Service is used to assess and identify the severity and exploitability of software flaws. By producing a software security rating, enterprises are now able to gain insight into the security quality of software similar to that provided by Moody's(R), Standard and Poor's(R) or Consumer Reports(R) for other products.
Today's software industry is one of the largest in the world, with annual revenues of over $350 billion(a), yet there is no standard way to measure software security. The operational risk and burden on enterprises and consumers from insecure software has been steadily growing due to increasing vulnerability disclosures, associated product patches, data breaches leading to massive identity theft and, more recently, fluctuations in corporate stock prices.
Until now, independent software ratings have not been possible due to the sensitivity associated with releasing source code for independent evaluation and the fact that existing evaluation tools are not able to assess 100% of the application code, a prerequisite for an accurate security assessment. Veracode's innovation with binary security analysis, coupled with its on-demand service model that integrates multiple testing techniques, makes this rating service possible.
"Our breakthrough binary analysis makes it possible for Veracode to assist the software community to raise the level of software security," said Matt Moynahan, president and CEO of Veracode. "Our objective is to drive innovation that makes it easy and cost effective for enterprises and ISVs alike to independently determine whether the software they are buying or selling is secure and demonstrate that they take software security seriously."
Veracode's Software Security Rating Service is based on respected industry standards including MITRE's and NIST's Common Weakness Enumeration (CWE) for classification of software weaknesses and FIRST's Common Vulnerability Scoring System (CVSS) for severity and ease of exploitability. Veracode is the only organization to combine these standards into a meaningful and practical way to assess software security across internally and externally developed applications.
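The combination the paragraph above describes, classifying each flaw by CWE and scoring its severity and exploitability with CVSS, is shown below as an added example; this is not Veracode's code or its actual rating scale. The CVSS v2 base-score formula and metric weights are the published FIRST values and the Low/Medium/High bands are NVD's, while the sample findings, their locations and the A/B/C letter-grade thresholds are constructed assumptions for illustration.

```python
"""Classify constructed findings by CWE and score them with CVSS v2 (added example)."""
from dataclasses import dataclass
from decimal import Decimal, ROUND_HALF_UP

# CVSS v2 base metric weights, as published by FIRST.
ACCESS_VECTOR = {"L": 0.395, "A": 0.646, "N": 1.0}
ACCESS_COMPLEXITY = {"H": 0.35, "M": 0.61, "L": 0.71}
AUTHENTICATION = {"M": 0.45, "S": 0.56, "N": 0.704}
IMPACT = {"N": 0.0, "P": 0.275, "C": 0.660}

# Real CWE identifiers with abbreviated names (lookup table constructed for this example).
CWE_NAMES = {
    79: "Cross-site Scripting",
    89: "SQL Injection",
    120: "Classic Buffer Overflow",
}


@dataclass
class Finding:
    location: str      # constructed location inside the analysed binary
    cwe_id: int        # what kind of weakness it is (CWE)
    cvss_vector: str   # how severe / how exploitable it is (CVSS v2 base vector)


def parse_vector(vector):
    """Turn 'AV:N/AC:L/Au:N/C:P/I:P/A:P' into a metric -> value dict, rejecting incomplete vectors."""
    parts = [p.split(":") for p in vector.split("/")]
    if any(len(p) != 2 for p in parts):
        raise ValueError(f"malformed CVSS v2 base vector: {vector}")
    metrics = dict(parts)
    if set(metrics) != {"AV", "AC", "Au", "C", "I", "A"}:
        raise ValueError(f"malformed CVSS v2 base vector: {vector}")
    return metrics


def _round1(x):
    """CVSS rounds to one decimal, half up; Decimal avoids float rounding surprises."""
    return float(Decimal(str(x)).quantize(Decimal("0.1"), rounding=ROUND_HALF_UP))


def cvss2_base_score(vector):
    """CVSS v2 base score: 0.6 * impact + 0.4 * exploitability - 1.5, times f(impact)."""
    m = parse_vector(vector)
    impact = 10.41 * (1 - (1 - IMPACT[m["C"]]) * (1 - IMPACT[m["I"]]) * (1 - IMPACT[m["A"]]))
    exploitability = 20 * ACCESS_VECTOR[m["AV"]] * ACCESS_COMPLEXITY[m["AC"]] * AUTHENTICATION[m["Au"]]
    f_impact = 0 if impact == 0 else 1.176   # a flaw with no impact scores 0.0
    return _round1(((0.6 * impact) + (0.4 * exploitability) - 1.5) * f_impact)


def severity_band(score):
    """NVD's qualitative bands for CVSS v2 base scores."""
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low"


def rate(findings):
    """Combine CWE classification and CVSS severity into one summary.

    The A/B/C grade on the worst finding is an assumption for this example;
    the press release does not publish Veracode's actual rating scale.
    """
    scored, by_cwe = [], {}
    for f in findings:
        score = cvss2_base_score(f.cvss_vector)
        scored.append((score, f))
        key = f"CWE-{f.cwe_id}"
        by_cwe[key] = by_cwe.get(key, 0) + 1
    worst = max((s for s, _ in scored), default=0.0)
    grade = "A" if worst < 4.0 else "B" if worst < 7.0 else "C"
    scored.sort(key=lambda t: -t[0])
    return {"grade": grade, "worst": worst, "by_cwe": by_cwe, "findings": scored}


# Constructed sample findings, as a binary analysis might report them.
SAMPLE_FINDINGS = [
    Finding("login.dll!validate_user", 89, "AV:N/AC:L/Au:N/C:P/I:P/A:P"),
    Finding("report.exe!render_html", 79, "AV:N/AC:M/Au:N/C:N/I:P/A:N"),
    Finding("svc.exe!parse_config", 120, "AV:L/AC:L/Au:N/C:N/I:N/A:P"),
]

if __name__ == "__main__":
    summary = rate(SAMPLE_FINDINGS)
    for score, f in summary["findings"]:
        name = CWE_NAMES.get(f.cwe_id, "unknown weakness")
        print(f"{score:4.1f} {severity_band(score):6} CWE-{f.cwe_id} ({name}) at {f.location}")
    print(f"grade {summary['grade']} (worst {summary['worst']}), by CWE: {summary['by_cwe']}")
```

Separating the "what kind of flaw" axis (CWE) from the "how bad is it" axis (CVSS) is what makes the result comparable across applications: two products with the same grade can still be told apart by which weakness classes dominate their findings.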
"We are pleased that Veracode, the first organization to declare Common Weakness Enumeration compatibility for CWE Coverage, CWE Output and CWE Searchable, is committed to promoting standards such as CWE," said Steve Christey, technical lead for MITRE's CWE initiative. "Early adopters such as Veracode play an important role in bringing clarity to the application security space for their customers."
Enterprise use cases for the ratings service include implementing software procurement best practices through security thresholds for purchased software, implementing code acceptance security policies for outsourced application development and evaluation of software security risk in M&A transactions.
"The industry needs a way to measure how secure software is, whether that software is purchased, built in house or comes from an outsourced developer," said Diana Kelley, analyst at the Burton Group. "The ability to rate software security levels allows companies to manage risk by determining whether or not the software meets their requirements."
Learn more about Veracode software ratings at: www.veracode.com.
Veracode is the industry's first provider of automated, on-demand application security solutions. Created by a world-class team of application security experts from @stake, Guardent, ISS, VeriSign and Symantec, the company delivers services to identify software flaws introduced through coding errors or malicious intent. Veracode's core service, SecurityReview, uses patented binary code analysis that is uniquely able to inspect entire application inventories, including components, and does not require companies to expose their valuable source code. Enterprises can now protect their intellectual property while preventing attacks allowed by vulnerabilities in applications.
As the most accurate and comprehensive solution, Veracode makes it simple and cost-effective to implement application security best practices and reduce operational costs related to manual reviews. Whether a company is developing applications internally, purchasing software or integrating code from partners, Veracode's SecurityReview provides insight to the security level of your applications. Outsourcing code analysis to Veracode is the easiest way to secure your software. With a pragmatic approach to application security, Veracode helps you fix what matters most to your business.
For more information, please visit www.veracode.com.
(a) Software Magazine, October 2006