Veracode Application Security 3rd Party Analysis
Veracode’s State of Software Security report indicated that up to 40% of applications are considered 3rd-party applications by customers. It further revealed that between 30 and 70% of applications that are thought of as internally developed actually consist of 3rd-party libraries and components. 40% of applications analyzed by Veracode’s customer base were identified as third-party (commercial, outsourced or open source) applications by the submitter. In light of these findings, it is imperative to manage risk from third parties, as represented by the extended software supply chain of commercial software vendors, open source code and outsourcers. By offering a security assessment on an unlimited number of vendors, Veracode provides organizations with the only viable solution for verifying the security of 3rd-party applications in a cost-effective and scalable manner.
Below are some of the key features made available as part of this service:
Application Portfolio Dashboard:
Leverage a centralized view of risk and security information to manage, set policy, track and report on all your 3rd-party software vendors.
Automated Code Review:
Veracode’s patented automated static binary analysis reviews the final integrated application, including libraries and 3rd-party components, without requiring your vendors to expose their intellectual property in the form of source code. Enterprises are able to request an assessment of a third party on the platform. Vendors simply upload their binaries to the Veracode platform and we manage the overall process. The service allows any number of remediation scans so that the vendor can achieve the security threshold deemed acceptable by the Enterprise.
Enterprise Summary Reports, Vendor Detailed Reports:
In order to respect intellectual property ownership, Veracode makes the detailed findings available only to the 3rd-party vendor and provides a high-level summary report to the enterprise. The summary report provides the overall security quality score with enough information on the application’s performance for the enterprise to make a purchase or acceptance decision.