Veracode Launches Vendor Application Security Testing Program
Application security testing firm Veracode on Wednesday launched an automated program to help businesses evaluate security risks associated with third-party software.
Businesses don’t always have the time, budget, or internal resources to evaluate an application’s security posture. Administrators also rarely have access to the source code to perform that level of analysis. As a result, enterprises are not aware of the kind of risks they are facing by using cloud-based and third-party applications.
“The vast majority of enterprise software is not designed or built with security in mind,” said Bob Brennan, CEO of Burlington, Mass-based Veracode. “Veracode can provide immediate insight into the security of the software that runs an organization’s business, and help its software providers remediate those flaws that subject it to being attacked.”
Veracode cited a recent security report from PricewaterhouseCoopers that found up to 80 percent of third-party software failed basic OWASP tests for security compliance. With VAST, enterprises can also ensure they are meeting security and compliance requirements even when using third-party tools.
“Application security testing of third party providers should be a critical element of any information security initiative,” said Joseph Feiman, a research vice president and Gartner fellow. Independent security verification of vendor-supplied software is necessary to “fully guarantee software supply chain integrity,” Feiman said.