Veracode Introduces SecurityReview For Application Risk Management

Expanded cloud-based subscription service simplifies managing application security risk and regulatory compliance across a diverse enterprise application portfolio

April 21, 2009



Burlington, Mass. -- 20 April, 2009 -- Veracode Inc., provider of the world's leading Application Risk Management Platform, today announced that it has expanded its SecurityReview cloud-based subscription service to simplify managing application security risk and regulatory compliance across a diverse enterprise application portfolio including internally developed, purchased, outsourced and open source applications. The enhanced Application Risk Management platform, available this calendar quarter, enables enterprises and ISVs to cost-effectively implement centralized governance and controls for software security across their entire portfolio while simultaneously providing a continuous skills development model for internal and extended development teams.

More than 62% of businesses have experienced a security breach in the last 12 months due to exploitation of vulnerabilities in their critical software applications, according to a new survey conducted by Forrester Research. Veracode SecurityReview provides organizations with a holistic approach to combat the epidemic of security breaches, compliance failures and business process interruptions.

"Being able to quantify and qualify the risk from applications, internally developed, outsourced or commercial software enables us to make informed acquisition and deployment decisions and protect our critical data," said Stephen Scharf, CISO of Experian. "Having the ability to embed security training, integrate our existing internal testing and have insight into the security of open source through a single platform provides us with a clear and measurable compliance framework."

With this release, Veracode's SecurityReview has expanded its industry-leading static and dynamic application security testing to include:

Application Portfolio Management: Veracode's Application Risk Management Platform enables organizations to identify, classify and track their entire application portfolio, regardless of the origin of the application, from a central console and set security policy based on compliance or industry standards such as PCI, SANS Top 25 or OWASP Top 10.

Developer Training and eLearning: Web-based secure programming training modules for developers and security personnel are integrated directly into Veracode's Application Risk Management Platform, enabling organizations to meet formal security training, CPE credit and competency testing requirements and to continuously improve their skills through targeted.

Open Source Ratings Database (OSRDB): Through Veracode's Open Source Ratings Database, organizations gain access to a growing catalog of independent security ratings for enterprise-class open source projects to understand the risk of integrating open source software into applications or deploying in their critical software infrastructure.

Integration of 3rd Party Testing products and services: Enterprises, consultants and third party providers can upload results of penetration testing directly into Veracode's platform, providing a single framework for managing application risk regardless of testing method or vendor.

Integration with Enterprise Governance, Risk and Compliance Frameworks: As recently announced, enterprises will have direct access to Veracode's SecurityReview application risk management data within Archer's SmartSuite Framework, allowing centralized management of critical business intelligence for internal and externally sourced applications.

Unlimited Usage Subscriptions: Unlimited usage is designed to overcome complex pricing models associated with on-premise software licenses ranging from per seat, per CPU, and/or per line of code pricing schemes. Veracode's Software-as-a-Service (SaaS) subscription enables organizations to do more with less by leveraging Veracode's cloud-based platform to conduct unlimited security assessments.

"Most companies know there's an application security problem," said Diana Kelley, principal analyst, SecurityCurve. "Today's application development, testing, purchasing, and outsourcing processes are often poorly managed and ad-hoc, leading to inefficient spending and uneven results. To achieve consistent application risk governance, organizations need to implement coherent, repeatable processes within an enterprise-wide application risk framework."

"The security landscape has clearly changed," said Matt Moynahan, CEO of Veracode. "The combination of economic conditions, ad-hoc approaches and the exponential increase of data breaches as a result of insecure software require a new framework to manage application risk. Veracode's recent service enhancements demonstrate our continued commitment to providing our customers with a simple, intuitive and turnkey approach to implementing effective application security programs. By leveraging Veracode's cloud-based application risk management infrastructure, organizations can protect their employee, customer and partner data in a rapid and cost-effective enterprise-wide deployment model."

About Veracode

Veracode provides the world's leading Application Risk Management Platform. Veracode SecurityReview's patented and proven cloud-based capabilities allow customers to govern and mitigate software security risk across a single application or an enterprise portfolio with unmatched simplicity. Customers include the world's largest and most security aware organizations in every industry. Recognized as a Gartner "Cool Vendor" and with The Wall Street Journal's "Technology Innovation Award," The Banker's "Information Security Project of the Year" with Barclays, SC Magazine's "Best Vulnerability Assessment Solution," Information Security "Readers' Choice Award," and AlwaysOn Northeast's "Top 100 Private Company," Veracode is Software Security Simplified. For more information, visit
