News
Veracode, Inc. announced Veracode SecurityInsights
April 2010 by Marc Jacob
Veracode, Inc. announced Veracode SecurityInsights™. Customers using SecurityInsights benefit from interacting with the broadest, deepest code-level security information in the world to set standards for security quality throughout their software supply chain. With a click of the “Compare Me” button, SecurityInsights also enables current Veracode SecurityReview® users to instantly compare their software portfolio against the aggregated security quality benchmarks from thousands of applications in their industry, programming language, third-party supplier and/or type of application.
Unmatched Application Security Insight, Unparalleled Decision Making and Protection
Recent examples of third-party risk, such as the Google-China incident, have created widespread recognition in the global 2000 of the need for operating controls to manage application risk. To accomplish this, organizations require credible application security information to set specific acceptance criteria and internal security policies. For example, by leveraging the knowledgebase of SecurityInsights, users know that open source projects today have comparable security to commercial applications when evaluated against the CWE/SANS Top 25 Most Dangerous Programming Errors, enabling decision makers to establish informed acceptance criteria for similar commercial alternatives.
Depth of Application Security Data
The information in SecurityInsights is comprised of anonymized application security data from billions of lines of code and thousands of applications that have been submitted to Veracode for static, dynamic, and/or manual security testing. It provides the most comprehensive benchmark information on security quality in categories including:
Application Profile and Portfolio Distribution
Application Security Policy Compliance
Vulnerability Prevalence
Standards Compliance against CWE/SANS Top 25, OWASP Top 10
Remediation Performance (e.g. How long to get to a VerAfied rating?)
The growing repository of code-level application information in SecurityInsights features the full spectrum of application types including Web and non-Web applications, programming languages such as Java, C/C++ and .NET from internal development teams, commercial, open source and outsource software suppliers, and represents more than 15 industries. More detailed information on the types of applications and vulnerabilities explored can be found in Veracode’s State of Software Security report.
– Pricing and Availability
Veracode SecurityInsights will be available in Q2 2010 and bundled with Veracode’s SecurityReview Enterprise Edition at no additional cost. It will also be available as a stand-alone service.
