Application risk management platform provider, Veradode, Inc., today announced Veracode SecurityInsights, a cloud-based service enabling Veracode users to instantly compare their software against the aggregated security quality benchmarks from thousands of applications in their industry.
“Having the ability to compare the state of security in our application portfolio to other organizations in similar industries and projects across Veracode’s comprehensive repository of applications from around the world will be invaluable,” said Donna Durkin, chief information security and privacy officer, Computershare.
With enterprise targeted attacks on the rise, organizations need to manage application risk and require credible application security information to set specific acceptance criteria and internal security policies. By leveraging the SecurityInsights knowledgebase, users are able to establish informed acceptance criteria, evaluate code against dangerous programming errors, and compare open source software and commercial alternatives.
“Veracode SecurityInsights was designed to make it easier for our customers to solidify their software infrastructure before they are attacked or fall victim to a zero-day application vulnerability,” said Matt Moynahan, CEO of Veracode. “Rather than merely responding to breaches and threats, executives now have what it takes to make proactive, enforceable decisions on the level of acceptable application security quality before the attack takes place.”
SecurityInsights data is comprised of anonymized application security data from billions of lines of code and thousands of applications that submitted to Veracode.The platform provides comprehensive benchmark information on security quality in categories including: Application Profile and Portfolio Distribution, Application Security Policy Compliance, Vulnerability Prevalence, Standards Compliance against CWE/SANS Top 25 and OWASP Top 10 vulnerabilities.
SecurityInsights features a growing repository of code-level application information for application types including Web and non-Web applications, programming languages such as Java, C/C++ and .NET from internal development teams, commercial, open source and outsource software suppliers.
Veracode’s cloud-based model for application risk management scales globally across teams and geographies without need for any hardware or software and “gets smarter the more code it processes.” The company claims, that by being more dynamic than “on premise” solutions, developers get higher quality results, reduced risk and significantly improved productivity.