Burlington, MA – April 14, 2009 – Veracode Inc., provider of the world’s leading Application Risk Management Platform, today announced that it has expanded its SecurityReview® cloud-based subscription service to simplify managing application security risk and regulatory compliance across a diverse enterprise application portfolio including internally developed, purchased, outsourced and open source applications. The enhanced Application Risk Management platform, available this calendar quarter, enables enterprises and ISVs to cost-effectively implement centralized governance and controls for software security across their entire portfolio while simultaneously providing a continuous skills development model for internal and extended development teams.
Veracode SecurityReview provides organizations with a holistic approach to combat the epidemic of security breaches, compliance failures and business process interruptions reported in the “Application Risk Management in Business Survey” conducted by Forrester Research and Veracode and published on April 14, 2009. In the report, more than 62% of businesses said they experienced a security breach in the past 12 months due to exploitation of vulnerabilities in their critical software applications.
“Being able to quantify and qualify the risk from applications, internally developed, outsourced or commercial software enables us to make informed acquisition and deployment decisions and protect our critical data,” said Stephen Scharf, CISO of Experian. “Having the ability to embed security training, integrate our existing internal testing and have insight into the security of open source through a single platform provides us with a clear and measurable compliance framework.”
With this release, Veracode’s SecurityReview has expanded its industry leading static and dynamic application security testing to include:
Application Portfolio Management
Veracode’s Application Risk Management Platform enables organizations to identify, classify and track their entire application portfolio from a central console, regardless of the origin of each application, and to set security policy based on compliance or industry standards such as PCI, SANS Top 25 or OWASP Top 10.
Developer Training and eLearning
Web-based secure programming training modules for developers and security personnel are integrated directly into Veracode’s Application Risk Management Platform enabling organizations to meet formal security training, CPE credit and competency testing requirements and to continuously improve their skills through targeted.
Open Source Ratings Database (OSRDB)
Through Veracode’s Open Source Ratings Database, organizations gain access to a growing catalog of independent security ratings for enterprise-class open source projects to understand the risk of integrating open source software into applications or deploying in their critical software infrastructure.
Integration of 3rd Party Testing products and services
Enterprises, consultants and third party providers can upload results of penetration testing directly into Veracode’s platform providing a single framework for managing application risk regardless of testing method or vendor.
Integration with Enterprise Governance, Risk and Compliance Frameworks
As recently announced, enterprises will have direct access to Veracode’s SecurityReview application risk management data within Archer’s SmartSuite Framework, allowing centralized management of critical business intelligence for internal and externally sourced applications.
Unlimited Usage Subscriptions
Unlimited usage is designed to overcome complex pricing models associated with on-premise software licenses ranging from per seat, per CPU, and/or per line of code pricing schemes. Veracode’s Software-as-a-Service (SaaS) subscription enables organizations to do more with less by leveraging Veracode’s cloud-based platform to conduct unlimited security assessments.
“Most companies know there’s an application security problem,” said Diana Kelley, principal analyst, SecurityCurve. “Today’s application development, testing, purchasing, and outsourcing processes are often poorly managed and ad-hoc, leading to inefficient spending and uneven results. To achieve consistent application risk governance, organizations need to implement coherent, repeatable processes within an enterprise-wide application risk framework.”
“The security landscape has clearly changed,” said Matt Moynahan, CEO of Veracode. “The combination of economic conditions, ad-hoc approaches and the exponential increase of data breaches as a result of insecure software require a new framework to manage application risk. Veracode’s recent service enhancements demonstrate our continued commitment to providing our customers with a simple, intuitive and turnkey approach to implementing effective application security programs. By leveraging Veracode’s cloud-based application risk management infrastructure, organizations can protect their employee, customer and partner data in a rapid and cost-effective enterprise-wide deployment model.”
About Veracode
Veracode provides the world’s leading Application Risk Management Platform. Veracode SecurityReview’s patented and proven cloud-based capabilities allow customers to govern and mitigate software security risk across a single application or an enterprise portfolio with unmatched simplicity. Customers include the world’s largest and most security aware organizations in every industry. Recognized as a Gartner “Cool Vendor,” The Wall Street Journal’s “Technology Innovation Award,” The Banker’s “Information Security Project of the Year” with Barclays, SC Magazine’s “Best Vulnerability Assessment Solution,” Information Security “Readers’ Choice Award,” and AlwaysOn Northeast’s “Top 100 Private Company,” Veracode is Software Security Simplified™. For more information, visit www.veracode.com.
Contact:
Beth Cossette
Lois Paul & Partners
781-782-5715 Beth_Cossette@lpp.com