Veracode Analytics
Veracode Analytics is a first-of-its-kind application intelligence service that gives executives a way to better understand the threat space their application portfolio faces and enables them to quantitatively compare the security of their applications against not only their peers but also the rest of the world. Customers can set peer-based or industry-based benchmarks for security quality of internally developed software, establish appropriate third-party purchase and acceptance criteria, and address increasingly thorough audit or compliance requirements.
The Case for Application Intelligence
Software applications are the enterprise’s new security perimeter. Today’s applications control access to financial data, public service infrastructure, patient health records, personal information on mobile devices and more. Their weaknesses have become the target of most new attacks. Exploited vulnerabilities such as backdoors, malicious code, and zero-day flaws have had expensive and embarrassing consequences.
We conceptually know that applications are vulnerable. However, real information and meaningful metrics are needed about why software remains so insecure and what can be done to improve the status quo. If a CISO knew that between 30 and 70 percent of all code in what they thought of as internally developed applications was identifiably from third parties, how would that inform their approach to vendor and third-party risk management? If a VP of Engineering was equipped with hard facts to dispel the fear surrounding use of open source software, how would that impact the software architecture and cost of building new products? If there was a way to compare the state of an enterprise’s software security with that of peers in the industry, how would that help build the case for appropriate funds allocation for an enterprise’s application risk management program?
Veracode Analytics Highlights:
- Industry’s first complete application intelligence and data analytics service.
- Allows executives to set objectives for security quality and application risk using actual code-level metrics.
- Informs acceptance criteria in contract negotiations with third parties.
- Aggregates statistics from a growing database of thousands of applications and billions of lines of code.
- Covers findings from multiple testing techniques – static, dynamic, manual.
- Covers the entire software supply chain – internally developed, commercial, open source and outsourced.
- Covers web and non-web applications across a broad set of languages and platforms including Java, .NET, C/C++.
- Powerful ‘Compare Me’ capability to allow performance benchmarking against industry standards and peer group.
- Awarded CSO Magazine’s Emerging Solutions Demo Award.