The ability to rate software security levels allows companies to manage risk by determining whether or not the software meets their requirements.
– Diana Kelley, analyst, the Burton Group
The Veracode software ratings system
Veracode offers the industry’s first standards-based ratings system for determining security levels in software. The Veracode ratings system provides a pragmatic way for enterprises and Independent Software Vendors (ISVs) to measure, compare and improve application security levels.
Ratings Overview
The software industry is one of the largest manufacturing industries in the world, with $350 billion in off-the-shelf software sold each year and over $100 billion additionally in customized code. Despite this size, there is no standardized notion of software security quality, even though the repercussions include product patches, data breaches leading to massive identity theft and fluctuations in corporate stock prices. Until now, independent software ratings have not been possible for two reasons:
Veracode’s application security testing solutions, based on its on-demand service platform, industry standards and multiple testing techniques that don’t require any source code, make it possible for Veracode to function as an independent, trusted agent to both software vendors and enterprises. With a software security rating, software vendors and enterprises gain insight into the security quality of software, similar to that provided by Moody's®, Standard and Poor's® or Consumer Reports® for other products. The rating system is an integral part of Veracode’s core solutions for implementing secure SDLCs, minimizing security risk related to third-party code and achieving compliance with standards such as PCI-DSS and PA-DSS.

