Veracode Launches First Application Intelligence Service to Provide Code-Level Insight Into Software Security Quality
Veracode SecurityInsights Enables Customers to Set Standards for Third-Party Software and Instantly Compare the Security Quality of Their Software Portfolio to Peers and Industry Benchmarks
Burlington near Boston, Mass. – 21 April, 2010 – Veracode, Inc., provider of the world’s leading cloud-based application risk management services platform, today announced Veracode SecurityInsights™, the first application intelligence service of its kind. Customers using SecurityInsights benefit from interacting with the broadest, deepest code-level security information in the world to set standards for security quality throughout their software supply chain. With a click of the “Compare Me” button, SecurityInsights also enables current Veracode SecurityReview® users to instantly compare their software portfolio against the aggregated security quality benchmarks from thousands of applications in their industry, programming language, third-party supplier and/or type of application.
“Having the ability to compare the state of security in our application portfolio to other organizations in similar industries and projects across Veracode’s comprehensive repository of applications from around the world will be invaluable,” said Donna Durkin, chief information security and privacy officer, Computershare. “This information at our fingertips will not only help us make the right business decisions, but will enable us to see where we can improve before a problem arises.”
Unmatched Application Security Insight, Unparalleled Decision Making and Protection
Recent examples of third-party risk, such as the Google-China incident, have created widespread recognition in the global 2000 of the need for operating controls to manage application risk. To accomplish this, organizations require credible application security information to set specific acceptance criteria and internal security policies. For example, by leveraging the knowledgebase of SecurityInsights, users know that open source projects today have comparable security to commercial applications when evaluated against the CWE/SANS Top 25 Most Dangerous Programming Errors, enabling decision makers to establish informed acceptance criteria for similar commercial alternatives.
“Veracode SecurityInsights was designed to make it easier for our customers to solidify their software infrastructure before they are attacked or fall victim to a zero-day application vulnerability,” said Matt Moynahan, CEO of Veracode. “Because Veracode’s application intelligence from our cloud-based service is as dynamic as the threat environment itself, no enterprise or on-premise tool can provide this level of comprehensive analysis that users can immediately turn into business decision-making intelligence. Rather than merely responding to breaches and threats, executives now have what it takes to make proactive, enforceable decisions on the level of acceptable application security quality before the attack takes place.”
Depth of Application Security Data
The information in SecurityInsights consists of anonymized application security data from billions of lines of code and thousands of applications that have been submitted to Veracode for static, dynamic, and/or manual security testing. It provides the most comprehensive benchmark information on security quality in categories including:
- Application Profile and Portfolio Distribution
- Application Security Policy Compliance
- Vulnerability Prevalence
- Standards Compliance against CWE/SANS Top 25, OWASP Top 10
- Remediation Performance (e.g. How long to get to a VerAfied rating?)
The growing repository of code-level application information in SecurityInsights features the full spectrum of application types including Web and non-Web applications, programming languages such as Java, C/C++ and .NET from internal development teams, commercial, open source and outsource software suppliers, and represents more than 15 industries. More detailed information on the types of applications and vulnerabilities explored can be found in Veracode’s State of Software Security report.