Veracode SecurityInsights first of type

Veracode SecurityInsights Enables Customers to Set Standards for Third-Party Software and Instantly Compare the Security Quality of Their Software Portfolio to Peers and Industry Benchmarks

Burlington near Boston, Mass. – 21 April, 2010 – Veracode, Inc., provider of the world’s leading cloud-based application risk management services platform, today announced Veracode SecurityInsights™ (http://info.veracode.com/securityinsights.html), the first application intelligence service of its kind. Customers using SecurityInsights benefit from interacting with the broadest, deepest code-level security information in the world to set standards for security quality throughout their software supply chain. With a click of the “Compare Me” button, SecurityInsights also enables current Veracode SecurityReview® users to instantly compare their software portfolio against the aggregated security quality benchmarks from thousands of applications in their industry, programming language, third-party supplier and/or type of application.

“Having the ability to compare the state of security in our application portfolio to other organizations in similar industries and projects across Veracode’s comprehensive repository of applications from around the world will be invaluable,” said Donna Durkin, chief information security and privacy officer, Computershare. “This information at our fingertips will not only help us make the right business decisions, but will enable us to see where we can improve before a problem arises.”

Unmatched Application Security Insight, Unparalleled Decision Making and Protection
Recent examples of third-party risk, such as the Google-China incident, have created widespread recognition in the global 2000 of the need for operating controls to manage application risk. To accomplish this, organizations require credible application security information to set specific acceptance criteria and internal security policies. For example, by leveraging the knowledgebase of SecurityInsights, users know that open source projects today have comparable security to commercial applications when evaluated against the CWE/SANS Top 25 Most Dangerous Programming Errors, enabling decision makers to establish informed acceptance criteria for similar commercial alternatives.

“Veracode SecurityInsights was designed to make it easier for our customers to solidify their software infrastructure before they are attacked or fall victim to a zero-day application vulnerability,” said Matt Moynahan, CEO of Veracode. “Because Veracode’s application intelligence from our cloud-based service is as dynamic as the threat environment itself, no enterprise or on-premise tool can provide this level of comprehensive analysis that users can immediately turn into business decision-making intelligence. Rather than merely responding to breaches and threats, executives now have what it takes to make proactive, enforceable decisions on the level of acceptable application security quality before the attack takes place.”


Depth of Application Security Data
The information in SecurityInsights is comprised of anonymized application security data from billions of lines of code and thousands of applications that have been submitted to Veracode for static, dynamic, and/or manual security testing. It provides the most comprehensive benchmark information on security quality in categories including:

• Application Profile and Portfolio Distribution
• Application Security Policy Compliance
• Vulnerability Prevalence
• Standards Compliance against CWE/SANS Top 25, OWASP Top 10
• Remediation Performance (e.g. How long to get to a VerAfied rating?)

The growing repository of code-level application information in SecurityInsights features the full spectrum of application types including Web and non-Web applications, programming languages such as Java, C/C++ and .NET from internal development teams, commercial, open source and outsource software suppliers, and represents more than 15 industries. More detailed information on the types of applications and vulnerabilities explored can be found in Veracode’s State of Software Security report (http://www.veracode.com/reports/index.html).

Pricing and Availability
Veracode SecurityInsights will be available in Q2 2010 and bundled with Veracode’s SecurityReview Enterprise Edition at no additional cost. It will also be available as a stand-alone service. Pricing available upon request. For more information, contact Veracode at +1 781-425-6040 or contact@veracode.com.

About Veracode
Veracode is the world’s leader in cloud-based application risk management. With patented binary code analysis, dynamic Web assessments, and partner or Veracode-delivered manual penetration testing, combined with developer e-learning and access to open source security ratings, Veracode SecurityReview® allows customers to independently verify application security in both internally developed applications and third-party software without requiring source code or expensive tools. Veracode provides the most simple, complete and accurate way to implement security best practices, reduce operational cost and comply with internal security policies or external standards such as OWASP Top 10, CWE/SANS Top 25 and PCI. Veracode works with global organizations across multiple vertical industries including Barclays PLC, California Public Employees’ Retirement System (CalPERS), Computershare, and the Federal Aviation Administration (FAA). For more information, visit www.veracode.com.

Copyright © 2010 Veracode, Inc. All Rights Reserved. All other brand names, product names, or trademarks belong to their respective holders.

Media Contact:

Jane Folwell
Folwell PR
Tel: 01344 845132
Mob tel: 07950 033370
Email: jane@folwellpr.co.uk

This press release was distributed by SourceWire News Distribution on behalf of Jane Folwell in the following categories: Computing & Telecoms. For more information visit http://www.sourcewire.com/about.