|
contents | business | |||||||
| Veracode's SecurityReview Services Launched Veracode is launching the world's first portfolio of subscription-based services to provide organisations with a completely independent view of the risks posed to them by their applications. The Veracode SecurityReview service presents a major breakthrough by allowing users to obtain a single clear view of security risks right across their applications, whether those applications are purchased as commercial off-the-shelf software or developed offshore. As part of this new offering Veracode is the first to deliver independent auditing of externally sourced code, a cause of considerable security concern for a growing number of businesses. By its innovative use of patented technology, Veracode is also the only provider to identify and remedy the security flaws in binary code, the very foundation of all today's software applications, and thus eliminate the need for an organisation to hand over for test intellectual property represented in source code. Application security has risen to the top of the agenda for security professionals striving to control their company's overall risk profile. According to the Computer Emergency Response Team (CERT), more than 7,000 new vulnerabilities were discovered over the last year, with 92 percent of vulnerabilities found in software according to National Institute of Standards and Technology (NIST). With organisations deploying an increasing number of complex applications – some developed internally, some offshore, some purchased off-the-shelf – the effort needed to manage risk becomes greater. Traditional approaches have focused on conducting costly and time-consuming manual penetration tests or using tools that typically require source code which is not usually available in mixed-code base environments or commercial applications. Based on patented, static binary testing technology and dynamic web scanning, Veracode's SecurityReview is the industry's first solution specifically designed to overcome the limitations of traditional tools and manual penetration tests: • Veracode's comprehensive portfolio of services covers all testing needs – including internal security reviews, PCI compliance, COTS security audits and outsourced secure code acceptance. • Veracode is the only organisation to scan code using automated techniques which mirror the way a machine executes code or a hacker's approach to attack – accurately assessing the roots of the problem as no other tool can do. • It is the only company to offer organisations application code reviews on a software-as-a-service subscription basis (eliminating the need to install or maintain costly software, hardware or train personnel). • Veracode helps users keep in lockstep with new threats by leveraging its on-demand security platform, pooling the learning from every scan across all customers. • No one else can identify and remedy the security flaws in binary code, the very foundation of all today's software applications. • Veracode is the first provider to help organisations improve their application security without asking them to hand over the intellectual property represented in source code. • Veracode alone deals with scanning mixed-code-based applications as it can tackle both dynamic and static testing of code – reducing the fud (fear, uncertainty and doubt) factor in software procurement. TheVeracode SecurityReview Service Portfolio is now comprised of the following on-demand services: • Outsourcing SecurityReview: Provides a simple, cost-effective, and automated security audits that ensures enterprises receive secure code from offshore development partners. • COTS (Common-off-the-shelf software) SecurityReview: Helps enterprises and government agencies quantify and manage security risks of commercial off-the-shelf software. • SDLC (Software development life cycle) SecurityReview: Enables security teams to conduct security assessments on mission-critical internally developed applications before they ship. • PCI SecurityReview: Automates and shortens the process for achieving compliance with the application security requirements of PCI-DSS, Visa PABP and PA-DSS in a simple and cost-effective way. All four SecurityReview services are available immediately. write your comments about the article :: © 2008 Computing News :: home page |