CONFERENCE Cyber AI & Automation Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

New Veracode Service Tests Third Party Software Applications

Veracode Launches Vendor Application Security Testing Program

Application security testing firm Veracode on Wednesday launched an automated program to help businesses evaluate security risks associated with third-party software.

Veracode Launches Vendor Application Security Testing Program

Application security testing firm Veracode on Wednesday launched an automated program to help businesses evaluate security risks associated with third-party software.

VeracodeThe Vendor Application Security Testing (VAST) offering is an independent, automated, and fully outsourced program that ensures vendor-supplied software meets security and compliance requirements, Veracode said Wednesday. Since Veracode can analyze third-party software without needing access to the source code, VAST provides businesses insight into outsourced tools without compromising the vendor’s intellectual property, the company said.

Businesses don’t always have the time, budget, or internal resources to evaluate an application’s security posture. Administrators also rarely have access to the source code to perform that level of analysis. As a result, enterprises are not aware of the kind of risks they are facing by using cloud-based and third-party applications.

“The vast majority of enterprise software is not designed or built with security in mind,” said Bob Brennan, CEO of Burlington, Mass-based Veracode. “Veracode can provide immediate insight into the security of the software that runs an organization’s business, and help its software providers remediate those flaws that subject it to being attacked.”

Veracode cited a recent security report from PricewaterhouseCoopers that found up to 80 percent of third-party software failed basic OWASP tests for security compliance. With VAST, enterprises can also ensure they are meeting security and compliance requirements even when using third-party tools.

“Application security testing of third party providers should be a critical element of any information security initiative,” said Joseph Feiman, a research vice president and Gartner fellow. Independent security verification of vendor-supplied software is necessary to “fully guarantee software supply chain integrity,” Feiman said.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

Shanta Kohli has been named CMO at Sysdig.

Cloud security firm Sysdig has appointed Sergej Epp as CISO.

F5 has appointed John Maddison as Chief Product Marketing and Technology Alliances Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.