Application security testing should be mandatory for outsourced development and maintenance.
– Joseph Feiman, VP and Gartner Fellow
Secure Outsourced Applications

Veracode Outsourcing SecurityReview delivers a simple, cost-effective, and automated security audit that ensures enterprises receive secure code from offshore development partners.

Outsourcing SecurityReview: How it Works

Outsourcing SecurityReview is designed for enterprises to ensure that their outsourced applications are secure. Veracode’s Rating System is a simple four-step program, the 4-S Program: Start, Scan, Score and Secure. All the enterprise needs to provide is contact information for their outsourced development partner and the applications they would like to have assessed, and Veracode will complete the process. Here is how it works:

1. Start
The enterprise sends contact information to Veracode regarding the outsourced development partner and the applications they would like to have assessed. The outsourced development partner uploads the binary executables (no source code required) and/or provides a URL for web scanning.

2. Scan
Veracode conducts vulnerability testing, which is completed within 24 to 72 hours depending on the size and complexity of the application.

3. Score
Veracode creates a rating for each application based on industry-standard benchmarks from NIST, CVSS and CWE, which is provided to both the enterprise and the outsourced development partner. As an independent trusted advisor, Veracode sends the full disclosure of all detailed information only to the outsourced development partner.

4. Secure (Your Enterprise)
With the security rating in hand, the enterprise determines which applications pass a pre-defined security threshold (e.g. an "A" rating as the minimum threshold) as part of the application acceptance process.


