Software Procurement

Secure software procurement requires superior code analysis

As a growing number of cyber security threats are directed at the application layer, software procurement has become a more difficult task. Whether purchasing commercial off-the-shelf (COTS) software or acquiring applications from offshore vendors, enterprises have little insight into the vulnerabilities that may exist in these applications. The result is an unacceptable level of unbounded risk. Application security assessment software is of little help in this regard. These products traditionally scan source code, which is rarely available for review in the software procurement process. For a more effective and cost-efficient solution to achieving software security in the software procurement process, consider solutions from Veracode.

Veracode: On-demand application testing for software procurement

Founded by application security assurance experts from @stake, Guardent, Symantec, and Verisign, Veracode provides solutions that make software acceptance testing simple and affordable. Veracode Vendor SecurityReview® is an automated, on-demand, application security testing solution that makes it possible to achieve greater application security in the software procurement process. SecurityReview is built on the software-as-a-service (SaaS) model, delivering code security analysis on an as-needed basis. Instead of buying expensive software and hardware, enterprises can submit code to Veracode through an online platform and get results back in 24 to 72 hours. Veracode offers the most accurate results in the industry by using binary analysis and combining multiple testing techniques. Binary analysis is critical for software procurement. By scanning binary (compiled or "byte" code) instead of source code, Veracode can review 100 percent of an application, while competing products that scan source code can only review the portion of an application where source code is available—which occurs seldom or not at all in the procurement process. Veracode combines binary static analysis with dynamic analysis and manual penetration testing to offer the most comprehensive testing solution available today.

Speed application procurement and secure software development

As an on-demand service, Veracode can speed software procurement timelines and accelerate speed-to-market in the software development process. Because it is so easy to use, developers and procurement officers can remain focused on their core competencies—they don't need to train to become software security experts. Veracode's results are delivered in a standards-based ratings format, making evaluation easier. And for developers, results are returned in a Fix-First Analysis, where vulnerabilities are prioritized by level of risk and ease of fixing them, so developers can work more efficiently.
