Burlington, Mass. – August 18, 2009 – Veracode Inc., provider of the world’s leading Application Risk Management Platform, today announced that the ELMAH (Error Logging Modules and Handlers) open source project has received Veracode’s “A” security rating. This achievement demonstrates that ELMAH has developed a secure application that has been independently evaluated for software vulnerabilities against industry standards such as the OWASP Top 10 and SANS-CWE Top 25.
“We’re delighted that ELMAH has earned Veracode’s “A” security rating,” said Atif Aziz, the creator and lead developer of ELMAH. “ELMAH has recently received widespread attention from the Microsoft developer community as it reached its 1.0 milestone. It has been downloaded by thousands of developers and IT operators and deployed with their ASP.NET applications during development, staging and production. With an independent security rating, we are now able to give everyone, from individuals to enterprises, greater confidence and insight into the security of ELMAH.”
Veracode’s recently announced Open Source Ratings Database is a first of its kind, central repository for security insight into enterprise-class open source projects such as ELMAH. This effort helps spread adoption and usage of open source projects, while enabling enterprises to gain an understanding of the risk/benefit trade-off of integrating open source.
“Open source software has become a critical component of an enterprise’s overall software portfolio,” said Matt Moynahan, CEO of Veracode. Veracode’s independent security ratings empowers open source project teams to build more secure code and provides enterprises with insight into the security of both commercial and open source software before they acquire and deploy. ELMAH has established a leadership position in the market by demonstrating the security quality of its software which will drive continued adoption in enterprise markets.”
ELMAH has rapidly become the most popular open source project for adding centralized error logging and notification to ASP.NET web applications. Even the best written web applications can have unforeseen issues. Enterprise and independent developers leverage ELMAH to detect unhandled exceptions in their web applications to quickly identify and remediate issues. By taking advantage of ASP.NET’s pluggable architecture, ELMAH can be added dynamically to a running web application without the need for recompilation or redeployment which makes integration seamless and doesn’t require any downtime.
About Veracode
Veracode provides the world’s leading Application Risk Management Platform. Veracode SecurityReview‘s patented and proven cloud-based capabilities allow customers to govern and mitigate software security risk across a single application or an enterprise portfolio with unmatched simplicity. Customers include the world’s largest and most security aware organizations in every industry. Recognized as a Gartner “Cool Vendor,” The Wall Street Journal’s “Technology Innovation Award,” The Banker’s “Information Security Project of the Year” with Barclays, SC Magazine’s “Best Vulnerability Assessment Solution,” Information Security “Readers’ Choice Award,” and AlwaysOn Northeast’s “Top 100 Private Company,” Veracode is Software Security Simplified™. For more information, visit www.veracode.com.
Beth Cossette
Lois Paul & Partners
781-782-5715 Beth_Cossette@lpp.com