Duff & Phelps


Duff & Phelps

Company Description:

Transparency. Confidence. Trust. These principles are the bedrock of our financial system. They can’t be bought, sold or traded. Since the early 1900s, Duff & Phelps has worked with clients to embrace and protect these fundamental ideals—to create transparency in an opaque world.

People who need to know where they stand, where they really stand, come to Duff & Phelps. We tell our clients what they need to know—not what they want to hear.

We value technical skill & industry expertise.

We value global knowledge & local insight.

We value transparency & independence.

Above all, we value our colleagues, our clients & their success.

We triangulate theory, numbers, facts and opinions, laws and regulations, fears and goals. We listen, question, perform…then listen and question again. We deliver solid, defensible analysis and practical advice to protect, restore and maximize value.

This is our work. This is the Duff & Phelps difference.

Application Name:


Application Description:

Supply chain data security is a critical area of concern because trusted partners are often the weakest point in your defense against cyber-attacks. With the continued rise of cyber threats, it’s essential that you have a deep understanding of partners’ cyber security and resilience.


CyberClarity360™ streamlines decision making and simplifies understanding your supply chain cyber risk. The CyberClarity360™ Score provides an independent, objective and transparent assessment of your external partners, including unique insights into often overlooked non-technical risk areas. CyberClarity360™ allows external partners to share their CyberClarity360™ Score and assessment history with their corporate customers, eliminating the need to respond to client’s individual questionnaires

Assessment Technique(s):

  • Static Binary Analysis
  • Dynamic Analysis

Assurance Level:

High: critical for the business.

In its reviewed state, the Duff & Phelps application met or exceeded the security score outlined in theCA Veracode risk adjusted verification methodology for an application at the assurance level specified above. CA Veracode’s risk adjusted verification methodology is based on respected industry standards includingMITRE’s Common Weakness Enumeration (CWE) for classification of software weaknesses and FIRST’s Common Vulnerability Scoring System (CVSS) for severity and ease of exploitability and NIST's definitions of assurance levels.


While every precaution has been taken in the preparation of this document, CA Veracode, Inc. assumes no responsibility for errors, omissions, or for damages resulting from the use of the information herein. Due to the nature of software security testing, the lack of discoverable flaws does not mean the software is 100% secure.




contact menu