Veracode provides industry-Leading technology to identify vulnerabilities in open source software used by Federal agencies and other organizations
BURLINGTON, Mass. — September 18, 2014 — Veracode, a leader in protecting modern enterprises from today’s pervasive web and mobile application threats, today announced that its cloud-based application security service will now be available via the Software Assurance Marketplace (SWAMP) initiative funded by the Department of Homeland Security (DHS). A first in the industry, the initiative seeks to better protect the nation’s critical infrastructure by advancing the state of cybersecurity and improving the resiliency of open source software used extensively across all types of industries.
Web and mobile applications have become the core fabric upon which our critical infrastructure and digital businesses rely. At the same time, as network perimeters have become tightly-secured to a large degree, cyber attackers are now directing their attention to the application layer for malicious attacks aimed at stealing customer information, intellectual property such as product designs and strategic plans, and other sensitive data. As a result, Web applications are now the number one attack vector for successful breaches, according to the Verizon DBIR.
In addition, Gartner predicts that by 2015, 95 percent of all mainstream IT organizations will leverage some element of open source software — directly or indirectly — within their mission-critical IT solutions. This makes it even more important for open source developers to continuously assess their applications using automated software analysis technologies to quickly and accurately identify significant vulnerabilities such as SQL Injection and Cross-Site Scripting.
“DHS SWAMP is an important initiative that benefits both private industry and government agencies, and we’re thrilled to have been invited to participate,” said Chris Wysopal, co-founder and CTO, Veracode. “SWAMP helps reduce the risk of future Heartbleed-like cyber threats, while providing government agencies with easy access to innovative software analysis technologies so they can learn and select the best approach for their needs.”
Veracode is recognized by Gartner as a Leader in the 2014 Magic Quadrant for Application Security Testing1. Unlike traditional static analysis tools that require developers to provide their confidential source code, Veracode’s patented binary static analysis technology analyzes all code — including open source and third-party components — without requiring access to source code. As a result, Veracode’s technology is ideally suited to SWAMP’s cloud-based platform because it allows developers to upload their software without the risk of exposing their intellectual property in the form of source code.
1 Gartner “Magic Quadrant for Application Security Testing," Neil MacDonald, Joseph Feiman, 1 July 2014
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.