Application Name:

Derivitec Risk Portal

Assessment Technique(s):

Static Binary Analysis
Dynamic Analysis

Assurance Level:

High: critical for the business.

VerAfied since:


Application Description:

Derivitec is a UK based financial technology startup specialising in risk and portfolio management solutions. Founded at the end of 2011, it has been working to provide users with a cost effective, scalable approach to derivatives management, straight from the web.

Its flagship product, the Derivitec Risk Portal, was released in November 2014. As security is paramount in enterprise web applications, we decided to use Veracode for both static and dynamic white box security analysis. The application has now been VerAfied and is fully PCI compliant.


In its reviewed state, the Derivitec Risk Portal met or exceeded the security score outlined in the Veracode Risk Adjusted Verification Methodology for an application at the assurance level specified above. Veracode’s risk adjusted verification methodology is based on respected industry standards including MITRE’s Common Weakness Enumeration (CWE) for classification of software weaknesses and FIRST’s Common Vulnerability Scoring System (CVSS) for severity and ease of exploitability and NIST's definitions of assurance levels.