Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

New Veracode Service Tests Third Party Software Applications

Veracode Launches Vendor Application Security Testing Program

Application security testing firm Veracode on Wednesday launched an automated program to help businesses evaluate security risks associated with third-party software.

Veracode Launches Vendor Application Security Testing Program

Application security testing firm Veracode on Wednesday launched an automated program to help businesses evaluate security risks associated with third-party software.

VeracodeThe Vendor Application Security Testing (VAST) offering is an independent, automated, and fully outsourced program that ensures vendor-supplied software meets security and compliance requirements, Veracode said Wednesday. Since Veracode can analyze third-party software without needing access to the source code, VAST provides businesses insight into outsourced tools without compromising the vendor’s intellectual property, the company said.

Businesses don’t always have the time, budget, or internal resources to evaluate an application’s security posture. Administrators also rarely have access to the source code to perform that level of analysis. As a result, enterprises are not aware of the kind of risks they are facing by using cloud-based and third-party applications.

“The vast majority of enterprise software is not designed or built with security in mind,” said Bob Brennan, CEO of Burlington, Mass-based Veracode. “Veracode can provide immediate insight into the security of the software that runs an organization’s business, and help its software providers remediate those flaws that subject it to being attacked.”

Veracode cited a recent security report from PricewaterhouseCoopers that found up to 80 percent of third-party software failed basic OWASP tests for security compliance. With VAST, enterprises can also ensure they are meeting security and compliance requirements even when using third-party tools.

“Application security testing of third party providers should be a critical element of any information security initiative,” said Joseph Feiman, a research vice president and Gartner fellow. Independent security verification of vendor-supplied software is necessary to “fully guarantee software supply chain integrity,” Feiman said.

Written By

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.