A new online community and resource center is being formed, where visitors will be able interact, contribute and learn how to identify new security gaps and improve the accuracy of application vulnerability detection. The goal? To improve the state of software security.
Boston based Veracode, Inc., developer and host of the destination they are calling “ZeroDay Labs,” aims to provide software developers, security teams, CSOs/CISOs, security consultants and Veracode partners access to valuable data and research related to achieving software quality and application security goals.
ZeroDay Labs will offer code-level examples of vulnerabilities drawn from member experiences. As the community grows, based on voluntary submissions, Veracode will accelerate awareness and remediation efforts by sharing real-world examples among participants.
Organizations are encouraged to submit one qualifying application, free of charge, to the VerAfied Software Directory, a list of Independent Software Vendors (ISVs), service providers and enterprises that have successfully completed the Veracode Security Verification Process for their software product and/or infrastructure, and achieved the VerAfied™ security mark. The VerAfied mark indicates that an application has received an independent security verification from Veracode and the provider has resolved or mitigated any vulnerabilities identified by automated static binary analysis and automated dynamic analysis (if applicable).
Submissions can be made two ways: known vulnerabilities, where organizations can then use the assessment to automate detection across their portfolio; or unknown, where manual source code review is used to augment and improve static binary analysis. For known and unknown vulnerabilities, Veracode will use the results to automate detection. Veracode has analyzed over 1,600 applications across 15 industries, representing billions of lines of code.
“Think of ZeroDay Labs and our VerAfied Software Directory like the Centers for Disease Control. With the more patient information and case detail submitted to the CDC, the more effective physicians around the world can become in terms of prescribing treatments,” said Chris Wysopal, co-founder and CTO, Veracode, Inc. “In the case of our Software Directory, the richer the database of software vulnerabilities across industries, languages and technical platforms, the more security and development teams can learn about ensuring the highest degree of application risk management and performance in their own environments.”
Over time, the site plans to evolve with the addition of an aggregate of RSS and other feeds from relevant sites, companies and partners. A plan for a social network for security software professionals to discuss newly identified vulnerabilities and other technical topics is in the works. The site will also be connected to other social networking sites including LinkedIn, Facebook and Twitter. Chris Eng, Senior Director of Security Research at Veracode, said Veracode doesn’t have a clear timeline for when these additional community features will be rolled out and that it will depend on adoption and involvement from the industry.
ZeroDay Labs is led by members of Veracode’s core research team including Chris Wysopal, co-founder and CTO; Chris Eng, senior director, security research; and Tyler Shields, senior security researcher.
For more information, visit: http://www.veracode.com/zerodaylabs