Open Source Ratings Database

Open Source - Open for Business

Veracode's Open Source Ratings Database empowers enterprises to use open source with confidence by providing security insight into popular open source projects.

Open Source Ratings Database

Given the current economic conditions and the strong development communities of many open source projects, enterprises are leveraging open source to lower costs, gain flexibility and accelerate innovation. However, a major inhibitor to widespread enterprise adoption of open source for business-critical applications has been the lack of insight into the security of the code.

SecurityReview for Open Source

Veracode’s Open Source Ratings Database is a first-of-its-kind central repository for security insight into enterprise-class open source projects. This effort helps spread adoption and usage of open source projects, while enabling enterprises to gain an understanding of the risk/benefit trade-off of integrating open source versus commercially developed software.

Open Source Verified by Veracode

The Verified by Veracode rating means that Veracode has reviewed an open source application for application security vulnerabilities, such as the OWASP Top 10 and SANS Top 25, and has found that the open source project has taken due care in securely coding the application.

Working with the Community

Veracode works closely with the open source project teams to review the findings of our static binary analysis and web vulnerability scanning, ensuring accurate results that benefit both the open source community and business users. Veracode clients and open source project teams have access to the Open Source Ratings Database to foster greater communication and collaboration between communities.