Veracode Analytics is a first-of-its-kind application intelligence service that gives executives a way to better understand the threat space their application portfolio faces and enables them to quantitatively compare the security of their applications against not only their peers but also the rest of the world. Customers can set peer-based or industry-based benchmarks for security quality of internally developed software, establish appropriate third-party purchase and acceptance criteria, and address increasingly thorough audit or compliance requirements.
The Case for Application Intelligence
Software applications are the enterprise’s new security perimeter. Today’s applications control access to financial data, public service infrastructure, patient health records, personal information on mobile devices and more. Their weaknesses have become the target of most new attacks. Exploited vulnerabilities such as backdoors, malicious code, and Zero-day flaws have had expensive and embarrassing consequences.
We conceptually know that applications are vulnerable. However, real information and meaningful metrics are needed about why software remains so insecure and what can be done to improve the status quo. If a CISO knew that between 30 and 70 percent of all code in what they thought of as internally developed applications was identifiably from third-parties, how would that inform their approach to vendor and third-party risk management? If a VP of Engineering was equipped with hard facts to dispel the fear surrounding use of open source software, how would that impact the software architecture and cost of building new products? If there was a way to compare the state of an enterprises’ software security vs. peers in the industry, how would that help build the case for appropriate funds allocation for an enterprise’s application risk management program?
Veracode Analytics Highlights: