Veracode Expands Participation in Government-wide Contracting Schedules

News & Events

Veracode Expands Participation in Government-wide Contracting Schedules

Burlington, Mass. - October 15, 2008 – Veracode Inc., the world’s leader for on-demand application security testing solutions, today announced its inclusion in two more government-wide contracting vehicles as a source for the Federal Government’s information security solutions. Through its partner, Intelligent Decisions, a certified small, minority-owned business and a leading provider of information technology solutions to the federal market, Veracode is being included in both the NASA Solutions for Enterprise-Wide Procurement (SEWP IV) GWAC (Government-Wide Acquisition Contract) as well as the National Institute of Health's (NIH) ECS III (GWAC).

This is further indication of Veracode's focus on the government market, given the greater attention being paid to the risks that complex commercial and custom developed applications can introduce to the government infrastructure. This is especially important given that the U.S. federal IT spending budget is expected to increase to $70.9 billion in 2009 according to Forrester Research¹ with software procurement playing a significant factor within that budget. Veracode’s inclusion in the SEWP IV and ECS III contracting vehicles, coupled with its previously announced inclusion in the Patriot’s GSA schedule, will make it simpler for government agencies to purchase the Veracode’s SecurityReview® service designed to give a clear and independent assessment of an agencies application security risk.

“Participating in contracting vehicles such as SEWP IV and ECS III better positions Veracode to help government organizations identify and eradicate software vulnerabilities in internally and externally developed code,” Kimberly Baker, Vice President, Government and International Markets Veracode, Inc. said. “Government agencies are right to be concerned about the security of the applications they are introducing into their infrastructure. Most applications are deployed without a code review. The increased use of open source, SOA reusable components, third party code and COTS introduces unbounded risk to the agencies’ mission.”

SecurityReview is the first and only solution to offer binary vulnerability analysis to discover flaws in software. This means it is able to inspect entire application, including components and third party libraries, and does not require companies to expose valuable source code. With this service, which has been approved and added to the National Institute of Standards and Technology’s (NIST) binary scanning tool list, Veracode will be able to inspect entire applications. As part of this list, NIST acknowledges the advantages that binary code scanners have over source code scanners, namely the ability to look at the compiled code.

¹ Government Spending in IT, April 25, 2008, by Alan E. Webber, Forrester Research

About Veracode

Veracode is the world’s leader for on-demand application security testing solutions. Veracode SecurityReview is the industry’s first solution to use patented binary code analysis and dynamic web analysis to uniquely assess any application security threats, including vulnerabilities such as cross-site scripting (XSS), SQL injection, buffer overflows and malicious code. SecurityReview performs the only complete and independent security audit across any internally developed applications, third-party commercial off-the-shelf software and offshore code without exposing a company’s source code. Delivered as an on-demand service, Veracode delivers the simplest and most-cost effective way to implement security best practices, reduce operational cost and achieve regulatory requirements such as PCI compliance without requiring any hardware, software or training.

Veracode has established a position as the market visionary and leader with awards that include recognition as a Gartner “Cool Vendor” 2008, Info Security Product Guide’s “Tomorrow’s Technology Today Award 2008,” Information Security “Readers’ Choice Award 2008,” AlwaysOn Northeast's "Top 100 Private Company 2008", NetworkWorld “Top 10 Security Company to Watch 2007,” and Dark Reading’s “Top 10 Hot Security Startups 2007.”

Based in Burlington, Mass., Veracode is backed by .406 Ventures, Atlas Venture and Polaris Venture Partners. For more information, visit www.veracode.com.

Contact:
Beth Cossette
Lois Paul & Partners
781-782-5715
This e-mail address is being protected from spam bots, you need JavaScript enabled to view it

Site Map | Responsible Disclosure Policy | Privacy Policy | Contact Us

Veracode offers the first on-demand, application security solution that provides automated application security testing through an easy-to-use, software-as-a-service delivery model. By providing code analysis and web application security testing as a service, organizations have no software or hardware to purchase, install, maintain or upgrade.

With Veracode, enterprises can use application security assessment to achieve code security and implement testing into their secure software development life cycle at key development milestones. For enterprises that want to improve SDLC security without sacrificing profitability or competitiveness, Veracode offers SecurityReview®. SecurityReview combines static, dynamic, and manual testing capabilities and scans code after it has been compiled—at the binary level or "byte" code level rather than the source level, as other solutions do. This offers two distinct advantages: One, binary code analysis is more efficient, so vulnerabilities can be found more quickly and with fewer false positives. And two, binary code analysis is the most complete application security testing method because all code can be scanned regardless of origin.

Information on other topics related to application security assurance, dynamic application security testing, XSS, SQL Injection, IT risk management, static code analysis, and offshore development are also available on this site.