Today’s enterprise software portfolios are huge. Managing the risks inherent in vendor applications is daunting. For attesting the security of vendor software, the solution is VAST.
Veracode’s Vendor Application Security Testing (VAST) program helps enterprises assess their vendors and better understand and reduce the security risks associated with the use of vendor-supplied software. VAST programs strengthen vendor compliance with enterprise IT’s application security policies by analyzing and attesting to the security posture of each application in the organization’s software supply chain. The VAST solution is the industry’s first comprehensive vendor application security compliance program – a part of sound governance, risk management, IT vendor management and regulatory efforts.
In administering VAST, Veracode acts as an independent party offering trust and mutual assurance to all participants. VAST provides distinct benefits for an enterprise as well as its vendors and suppliers. Independent software vendors and outsourced application providers are invited to participate in the program’s success. We protect the intellectual property rights of the vendor while providing unbiased attestation of their software’s security posture. Software vendors receive detailed, prioritized remediation guidance to aid policy compliance, while the enterprise customer receives detailed program status reporting. Veracode brokers and manages the program while setting reasonable application security compliance goals.
The VAST solution combines application security expertise, proven compliance processes, and cloud-based testing technology. The analysis process is automated via the Veracode platform, which can handle most applications regardless of core technology, origin, or deployment method. The platform analyzes vendor software whether installed or cloud-based, commercial or outsourced.
Only VAST pursues a systematic course of action that partners with – not punishes – vendors. Only VAST offers the level of customer support required to uniquely facilitate this kind of collaboration. Only VAST delivers a completely managed program for successful vendor assessment and vendor security risk management.