Application Risk Management for Government Agencies

The Risk

The number of cyber incidents reported by federal agencies has increased at an alarming rate over the past 6 years. According to Gartner and the Computer Emergency Response Team, 75% of new attacks target the application level. Applications have become the new security perimeter, and their mobility is growing. The government is already making the move, migrating critical services into the cloud and offering citizens access to more than 100 mobile applications. As applications become more ubiquitous and their developers more diffuse, the need to manage these new risks is at an all-time high.

The Management Imperative

The Federal Information Security Management Act (FISMA) and OMB require agencies to manage their information security risks, but facing down vulnerabilities within software has proven a unique challenge. Today’s applications are often composed of multiple pre-compiled components, libraries, and open-source code. The U.S. Department of Homeland Security calls this “SOUP,” or software of unknown pedigree. Identifying and evaluating vulnerabilities within this software demands independent application security testing and mitigation – which can often be a costly and time-consuming process. Veracode can help.

Securing Your Applications

As an expert in application security, Veracode uses patented binary code analysis and dynamic web analysis to uniquely assess application security threats, including vulnerabilities and malicious code. Veracode performs the only complete and independent security audit across internally developed applications, third-party commercial off-the-shelf software, and offshore code without exposing source code. With no hardware or software to buy, install, maintain, or upgrade, agencies drastically reduce both their capital and operational expenses while implementing security best practices.