Actu
Veracode Introduces SecurityReview® for Application Risk Management
April 2009 by Marc Jacob
Veracode Inc. announced that it has expanded its SecurityReview® cloud-based subscription service to simplify managing application security risk and regulatory compliance across a diverse enterprise application portfolio including internally developed, purchased, outsourced and open source applications. The enhanced Application Risk Management platform, available this calendar quarter, enables enterprises and ISVs to cost-effectively implement centralized governance and controls for software security across their entire portfolio while simultaneously providing a continuous skills development model for internal and extended development teams.
More than 62% of businesses have experienced a security breach in the last 12 months due to exploitation of vulnerabilities in their critical software applications, according to a new survey conducted by Forrester Research. Veracode SecurityReview provides organizations with a holistic approach to combat the epidemic of security breaches, compliance failures and business process interruptions.
With this release, Veracode’s SecurityReview has expanded its industry leading static and dynamic application security testing to include:
Application Portfolio Management
Veracode’s Application Risk Management Platform enables organizations to identify, classify and track their entire application portfolio regardless of the origin of the application from a central console and set security policy based on compliance or industry standards such as PCI, SANS Top 25 or OWASP Top 10.
Developer Training and eLearning
Web-based secure programming training modules for developers and security personnel are integrated directly into Veracode’s Application Risk Management Platform enabling organizations to meet formal security training, CPE credit and competency testing requirements and to continuously improve their skills through targeted.
Open Source Ratings Database (OSRDB)
Through Veracode’s Open Source Ratings Database, organizations gain access to a growing catalog of independent security ratings for enterprise-class open source projects to understand the risk of integrating open source software into applications or deploying in their critical software infrastructure.
Integration of 3rd Party Testing products and services
Enterprises, consultants and third party providers can upload results of penetration testing directly into Veracode’s platform providing a single framework for managing application risk regardless of testing method or vendor.
Integration with Enterprise Governance, Risk and Compliance Frameworks
Recently announced, enterprises will have direct access to Veracode’s SecurityReview application risk management data within Archer’s SmartSuite Framework, allowing centralized management of critical business intelligence for internal and externally sourced applications.
Unlimited usage is designed to overcome complex pricing models associated with on-premise software licenses ranging from per seat, per CPU, and/or per line of code pricing schemes. Veracode’s Software-as-a-Service (SaaS) subscription enables organizations to do more with less by leveraging Veracode’s cloud-based platform to conduct unlimited security assessments.
