Verified Logo Program

Ratings

The ability to rate software security levels allows companies to manage risk by determining whether or not the software meets their requirements.
– Diana Kelley, analyst, the Burton Group

The Veracode software ratings system

Veracode offers the industry’s first standards-based ratings system for determining security levels in software. The Veracode ratings system provides a pragmatic way for enterprises and Independent Software Vendors (ISVs) to measure, compare and improve application security levels.

Protecting Your Web Applications

Protecting Against Malicious Backdoors

Datasheets
Webcasts
- Forrester Webcast on 3rd Party Software Risk
Podcasts
- Veracode CTO on Software Security Testing

Verified Logo Program

The Verified by Veracode Logo Program is quality indicator for the security level of applications and software components developed in-house or purchased from a third-party. Independent software vendors and enterprises gain insight into the security quality of software similar to that provided by Moody's®, Standard and Poor's® or Consumer Reports® for other products. Veracode’s ratings are completely transparent and based on industry-standards. Software that receives top ratings, i.e. at a minimum is rated at the “A” level for high assurance levels can be actively promoted by the producing software vendor.

The application has received the highest possible rating with multiple testing techniques being applied, i.e. static binary application security testing, dynamic application security testing and manual penetration testing. All three techniques are typically conducted for applications with the highest assurance levels.
The application has received the highest possible rating with both automated testing techniques being applied, i.e. static binary application security testing and dynamic application security testing.
The application has received the highest possible rating for static binary application security testing, which provides a strong baseline security foundation.

Veracode’s Verified by Veracode Logo program provides key benefits to both enterprises and software developers.

How Independent Software Vendors Leverage the “Verified by Veracode” Logo Program

Obtain detailed insight into the security risk of their commercial software products
Use the rating to kick-start a secure SDLC process
Protect their brand from potential security risks
Proactively execute an actionable remediation roadmap
Differentiate and market security as a key feature and selling point from competitive offerings

How Enterprises leverage the “Verified by Veracode” Logo Program

Gain insight and transparency into internally developed custom applications
Minimize unbounded risk associated with third-party software and service providers
Establish mitigating controls by creating thresholds for purchased software, before it is deployed in-house
Provide a consistent security benchmark when comparing multiple applications and/or multiple versions of the same application over time
Develop a security procurement governance model that delivers permanent and persistent success for the business through excellence in procurement

Site Map | Responsible Disclosure Policy | Privacy Policy | Contact Us

Veracode's application security testing solution quantifies an application's security risk based on types, number and severity levels of flaws identified in the application. Veracode analyzes the key application security risks that matter most to enterprises including the most prevalent software vulnerabilities, the absence and presence of security features (e.g. encryption) and backdoors in third-party code. Each application's rating is generated based on automated static binary analysis, automated dynamic and/or manual security analysis techniques.

Veracode solutions deliver application security review services for enterprises that want to cost-efficiently achieve software security by identifying flaws in applications. Veracode SecurityReview is the first automated, on-demand, application security software solution that uses static binary analysis. Static application security testing enables organizations to scan software for flaws and malicious code before purchasing or deploying it. And because Veracode's approach to Static application security testing uses binary analysis—scanning binary code (compiled or "byte" code) instead of source code—SecurityReview can test 100 percent of an application, offering comprehensive coverage and greater application security. In addition, Veracode's web application security testing can provide Web services security as a critical part of an enterprise-wide software assurance strategy.

Please access other sections of this site to learn more about our approach to security testing, code review, web security and application backdoors.

Ratings

Datasheets

Webcasts

Podcasts