Step 2 - Get VERAFIED

The VERAFIED security marks signify that a software provider has taken appropriate steps to remove vulnerabilities in their software or to comply with respected industry standards such as the OWASP Top 10 or the CWE/SANS Top 25 Most Dangerous Software Errors. A VERAFIED mark and Directory listing provide insight into the security quality of the software, similar to the insights provided by independent organizations such as Standard and Poor's® and Consumer Reports®. The software assessment is completely transparent and based on the widely used Common Vulnerability Scoring System (CVSS). While no security assessment can provide complete assurance that vulnerabilities in software do not exist, software that receives a VERAFIED mark can be actively promoted as having applied due care, received proper testing, and achieved a desirable level of security quality.

 

The VERAFIED security mark indicates that software has been independently assessed and found to have no “very high”, “high” or “medium” severity vulnerabilities, nor any OWASP Top 10 or CWE/SANS Top 25 vulnerabilities that could be discovered with automated analysis.

The VERAFIED HIGH ASSURANCE security mark for OWASP Top 10 is recommended for web applications of the highest criticality. It indicates that software has been independently assessed with both automated analysis and manual assessment and found to have no “very high”, “high”, or “medium” severity vulnerabilities, nor any of the OWASP Top 10 for 2010. This list represents a broad consensus on the most critical web application security flaws.

The VERAFIED HIGH ASSURANCE security mark for CWE/SANS Top 25 Most Dangerous Software Errors is recommended for non-web applications of the highest criticality. It indicates that software has been independently assessed with both automated analysis and manual assessment and found to have no “very high”, “high”, or “medium” severity vulnerabilities, nor any of the 2010 CWE/SANS Top 25 Most Dangerous Software Errors. This list represents the most significant errors that can lead to serious software vulnerabilities.

 

 

Get Your App VERAFIED

You should earn the VERAFIED security mark to differentiate your product with partners, prospects, and customers and to demonstrate compliance with standards such as PCI. To get started, Veracode will provide qualified software providers with a free automated security scan. Click here to get started.

 

 
