Ratings

The ability to rate software security levels allows companies to manage risk by determining whether or not the software meets their requirements.
– Diana Kelley, principal analyst, SecurityCurve

Free Trial callout

VerAfied Software Assurance

Veracode's Risk Adjusted Verification Methodology, offers the industry’s first standards-based ratings system for determining security levels in software. The VerAfied mark provides a pragmatic way for enterprises and Independent Software Vendors (ISVs) to measure, compare and improve application security levels.

Datasheets
- VerAfied in Brief
- VerAfied Software Assurance Ratings
Webcasts
- 5 Reasons Why ISVs Should Get VerAfied

Verified Security Mark

The VerAfied security mark is quality indicator for the security level of applications and software components developed in-house or purchased from a third-party. Independent software vendors and enterprises gain insight into the security quality of software similar to that provided by Moody's®, Standard and Poor's® or Consumer Reports®. The software rating is completely transparent and based on industry-standards. Software that receives top ratings, can be actively promoted by the producing software vendor.

	The VerAfied security mark indicates that software has been independently assessed against the OWASP Top 10 and SANS Top 25 for technical flaws using automated static binary analysis and/or dynamic analysis and has been found to have reached an acceptable level of security quality.
	The VerAfied High Assurance security mark indicates that software has undergone additional manual application penetration testing to identify flaws in business logic and design and has been found to have reached an acceptable level of security quality.

Learn More about Veracode Risk Adjusted Verification Methodology.

Site Map | Responsible Disclosure Policy | Privacy Policy | Contact Us

Veracode's application security testing solution quantifies an application's security risk based on types, number and severity levels of flaws identified in the application. Veracode analyzes the key application security risks that matter most to enterprises including the most prevalent software vulnerabilities, the absence and presence of security features (e.g. encryption) and backdoors in third-party code. Each application's rating is generated based on automated static binary analysis, automated dynamic and/or manual security analysis techniques.

Veracode solutions deliver application security review services for enterprises that want to cost-efficiently achieve software security by identifying flaws in applications. Veracode SecurityReview is the first automated, on-demand, application security software solution that uses static binary analysis. Static application security testing enables organizations to scan software for flaws and malicious code before purchasing or deploying it. And because Veracode's approach to Static application security testing uses binary analysis—scanning binary code (compiled or "byte" code) instead of source code—SecurityReview can test 100 percent of an application, offering comprehensive coverage and greater application security. In addition, Veracode's web application security testing can provide Web services security as a critical part of an enterprise-wide software assurance strategy.

Please access other sections of this site to learn more about our approach to security testing, code review, web security and application backdoors.