QAD, Inc


QAD, Inc

Application Name:

QAD Channel Islands

Assessment Technique(s):

Static Binary Analysis & Dynamic Analysis

Assurance Level:

High: critical for the business.

VerAfied since:


Application Description:

QAD Channel Islands offers a user experience to help manufacturers make better decisions and streamline transactions. Currently available to early adopters, the first phase of Channel Islands, called Anacapa, was introduced in 2015 and the second phase, called Santa Cruz, was introduced at QAD Explore 2016 in Chicago. One of the key Channel Islands’ goals is to make using QAD Cloud ERP simple and intuitive for the first time user while supporting the more flexible needs of advanced users that cross several roles. Channel Islands uses a Restful API based architecture to make it straightforward to adapt to currently popular user interface technology like HTML5 and to future-proof the user experience as new user interface technologies come to market.


In its reviewed state, the QAD WebUI and the QAD WebUI Javascript applications met or exceeded the security score outlined in the Veracode Risk Adjusted Verification Methodology for an application at the assurance level specified above. Veracode’s risk adjusted verification methodology is based on respected industry standards including MITRE’s Common Weakness Enumeration (CWE) for classification of software weaknesses and FIRST’s Common Vulnerability Scoring System (CVSS) for severity and ease of exploitability and NIST's definitions of assurance levels.