Veracode’s cloud-based service platform makes it easy for M&A Professionals to receive trusted, independent security assessments in a timely and cost-effective manner. Our M&A assessments are comprised of a simple four step process with Veracode managing the entire multi-party transaction from start to finish if desired, or integrating into a particular gate in your organizations already existing M&A process. All the Acquiring Company needs to provide is contact information for the Target Company and the name of the software product to be assessed and Veracode will complete the process. Here is how it works:
Acquirer sends contact information to Veracode regarding target company and applications to be assessed. Veracode will provide guidance on what modules should be assessed for thorough analysis and what security testing techniques are most appropriate. Veracode will manage the entire multi-party process and provision the Target company on the Veracode cloud-based platform to upload the target binary executables and required libraries (no source code required) for a static analysis (white box testing) or provide a URL for a dynamic analysis (black box testing).
Veracode conducts a vulnerability assessment which is completed within 24 hours according to the application assurance levels set by the Acquirer and the application complexity and composition.
Veracode will produce a complete security assessment report detailing the overall applications security quality and top security vulnerabilities for the Acquirer and make detailed vulnerability information available to the Target Company for remediation, if appropriate.
With the security report in hand, the Acquiring enterprise determines whether the Target Company applications passes the pre-defined security threshold and either consummates the transaction or requests remediation and resubmission till target threshold is achieved.