VAST Program

Veracode’s VAST Program helps enterprises to understand and better manage the security risks inherent in the vendor software supply chain with trust and mutual assurance.

Get our Secure Software Supply Chain Toolkit!


VAST Program

Today’s enterprise software portfolios are huge. Managing the risks inherent in vendor applications is daunting. For attesting the security of vendor software, the solution is VAST.

Veracode’s Vendor Application Security Testing (VAST) program helps enterprises with vendor assessment and to better understand and reduce the security risks associated with the use of vendor-supplied software. VAST Programs strengthen vendor compliance with enterprise IT’s application security policies by analyzing and attesting to the security posture of each application in the organization’s software supply chain. The VAST solution is the industry’s first comprehensive vendor application security compliance program – a part of sound governance, risk management, IT vendor management and regulatory efforts.

Your IT Supply Chain is Only as Strong as Your Weakest Link.*

*Gartner, Living in a World Without Trust: When IT's Supply Chain Integrity and Online Infrastructure Get Pwned, Neil MacDonald and Ray Valdes, October 2012

Get the Full Report Now

In administrating VAST, Veracode acts as an independent party offering trust and mutual assurance to all participants. VAST provides distinct benefits for an enterprise as well as its vendors and suppliers. Independent software vendors and outsourced application providers are invited to participate in the program’s success. We protect the intellectual property rights of the vendor while provide unbiased attestation of their software’s security posture. Software vendors receive detailed, prioritized remediation guidance to aid policy compliance, while the enterprise customer receives detailed program status reporting. Veracode brokers and manages the program while setting reasonable application security compliance goals.

vast programThe VAST solution combines application security expertise, proven compliance processes, and cloud-based testing technology. The analysis process is automated via the Veracode platform, which can handle most applications regardless of core technology, origin, or deployment method. The platform analyzes vendor software whether installed or cloud-based, commercial or outsourced.

Only VAST pursues a systematic course of action that partners with – not punishes – vendors. Only VAST offers the level of customer support required to uniquely facilitate this kind of collaboration. Only VAST delivers a completely managed program for successful vendor assessment and vendor security risk management.