Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

New Destination Coming for ‘Security Aware’ Software Professionals

A new online community and resource center is being formed, where visitors will be able interact, contribute and learn how to identify new security gaps and improve the accuracy of application vulnerability detection. The goal? To improve the state of software security.

A new online community and resource center is being formed, where visitors will be able interact, contribute and learn how to identify new security gaps and improve the accuracy of application vulnerability detection. The goal? To improve the state of software security.

Boston based Veracode, Inc., developer and host of the destination they are calling “ZeroDay Labs,” aims to provide software developers, security teams, CSOs/CISOs, security consultants and Veracode partners access to valuable data and research related to achieving software quality and application security goals.Veracode Software Security Logo

ZeroDay Labs will offer code-level examples of vulnerabilities drawn from member experiences. As the community grows, based on voluntary submissions, Veracode will accelerate awareness and remediation efforts by sharing real-world examples among participants.

Organizations are encouraged to submit one qualifying application, free of charge, to the VerAfied Software Directory, a list of Independent Software Vendors (ISVs), service providers and enterprises that have successfully completed the Veracode Security Verification Process for their software product and/or infrastructure, and achieved the VerAfied™ security mark. The VerAfied mark indicates that an application has received an independent security verification from Veracode and the provider has resolved or mitigated any vulnerabilities identified by automated static binary analysis and automated dynamic analysis (if applicable).

Submissions can be made two ways: known vulnerabilities, where organizations can then use the assessment to automate detection across their portfolio; or unknown, where manual source code review is used to augment and improve static binary analysis. For known and unknown vulnerabilities, Veracode will use the results to automate detection. Veracode has analyzed over 1,600 applications across 15 industries, representing billions of lines of code.

“Think of ZeroDay Labs and our VerAfied Software Directory like the Centers for Disease Control. With the more patient information and case detail submitted to the CDC, the more effective physicians around the world can become in terms of prescribing treatments,” said Chris Wysopal, co-founder and CTO, Veracode, Inc. “In the case of our Software Directory, the richer the database of software vulnerabilities across industries, languages and technical platforms, the more security and development teams can learn about ensuring the highest degree of application risk management and performance in their own environments.”

Over time, the site plans to evolve with the addition of an aggregate of RSS and other feeds from relevant sites, companies and partners. A plan for a social network for security software professionals to discuss newly identified vulnerabilities and other technical topics is in the works. The site will also be connected to other social networking sites including LinkedIn, Facebook and Twitter. Chris Eng, Senior Director of Security Research at Veracode, said Veracode doesn’t have a clear timeline for when these additional community features will be rolled out and that it will depend on adoption and involvement from the industry.

ZeroDay Labs is led by members of Veracode’s core research team including Chris Wysopal, co-founder and CTO; Chris Eng, senior director, security research; and Tyler Shields, senior security researcher.

For more information, visit: http://www.veracode.com/zerodaylabs

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Application Security

A new report finds that barely 1% of all SBOMs being generated today meets the “minimum elements” defined by the U.S. government.

Application Security

A security vulnerability identified on AliExpress, the wholesale marketplace owned by the Chinese e-commerce giant Alibaba, could have been exploited by hackers to hijack...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...