Liferay, Inc.


Liferay Inc.

Application Name:

Liferay Portal 6.2 Enterprise Edition

Assessment Technique(s):

Static Binary Analysis and Dynamic Analysis

Assurance Level:

Very High: Mission critical for the business.

VerAfied Since:


Application Description:

Liferay Portal is a flexible, Java-based web development platform with a core set of services out of the box for portal, web content management, document management, application integration, content workflow and social collaboration. The platform is the world's leading open source portal and one of the most widely deployed portal technologies on the market with nearly a million deployments worldwide. Applications range in size from intranet work group solutions to multimillion-user websites. Liferay Portal’s appeal includes the platform’s adherence to industry standards and support for a broad set of solutions such as lightweight, rich UI websites and highly secure, mission-critical applications. 
View Details

Liferay, Inc., a leading provider of enterprise open source portal and collaboration software products, services companies worldwide in nearly every industry and enjoys an open source community of more than 100,000 members. Clients include Allianz, BASF, Cisco Systems, Lufthansa Flight Training, Rolex SA, Siemens AG, The French Ministry of Defense, Toyota, and the United Nations. Liferay offers through a Liferay Portal Enterprise Subscription access to emergency fixes, software updates, 24/7 support SLAs, and subscription-only features. Liferay also offers professional services and training to ensure successful deployments for its customers.

In its reviewed state, the Liferay Portal met or exceeded the security score outlined in the Veracode Risk Adjusted Verification Methodology for an application at the assurance level specified above. Veracode’s risk adjusted verification methodology is based on respected industry standards including MITRE’s Common Weakness Enumeration (CWE) for classification of software weaknesses and FIRST’s Common Vulnerability Scoring System (CVSS) for severity and ease of exploitability and NIST's definitions of assurance levels.


While every precaution has been taken in the preparation of this document, Veracode, Inc. assumes no responsibility for errors, omissions, or for damages resulting from the use of the information herein. Due to the nature of software security testing, the lack of discoverable flaws does not mean the software is 100% secure.