5/20/2010
03:00 PM
Dark Reading
Products and Releases

Veracode To Launch ZeroDay Labs

Core to its community-building goals, ZeroDay Labs will offer code-level examples of vulnerabilities drawn from member experiences

Burlington, Mass. – May 20, 2010 – Veracode, Inc., provider of the world’s leading cloud-based application risk management services platform, today announced the formation of ZeroDay Labs™, a free destination website for education, collaboration and community building for security-aware professionals. Software developers, security teams, CSOs/CISOs, security consultants and Veracode partners, among others, will benefit from access to timely, valuable data and research related to achieving software quality and application security goals. To learn more, visit http://www.veracode.com/zerodaylabs.

The mission of ZeroDay Labs is to host a dedicated website and shared resource where visitors can interact, contribute and learn how to identify new security gaps, improve the accuracy of real-world application vulnerability detection, and communicate findings in order to improve the state of software security. ZeroDay Labs is led by members of Veracode’s core research team including Chris Wysopal, co-founder and CTO; Chris Eng, senior director, security research; and Tyler Shields, senior security researcher.

ZeroDay Labs Calls for Binary and Source Code Submissions

Core to its community-building goals, ZeroDay Labs will offer code-level examples of vulnerabilities drawn from member experiences. As the community grows, based on voluntary submissions, Veracode will accelerate awareness and remediation efforts by sharing real-world examples among participants.

Code submissions are not limited to Veracode customers. Organizations are encouraged to submit one application, free of charge, to the VerAfied Software Directory, a list of Independent Software Vendors (ISVs), service providers and enterprises that have successfully completed the Veracode Security Verification Process for their software product and/or infrastructure, and achieved the VerAfied™ security mark. The VerAfied mark indicates that an application has received an independent security verification from Veracode and the provider has resolved or mitigated any vulnerabilities identified by automated static binary analysis and automated dynamic analysis (if applicable).

Submissions can be made in two ways: as known vulnerabilities, where organizations can then use the assessment to automate detection across their portfolio; or as unknown vulnerabilities, where manual source code review is used to augment and improve static binary analysis. For both known and unknown vulnerabilities, Veracode will use the results to automate detection. To date, Veracode has analyzed more than 1,600 applications across 15 industries, representing billions of lines of code. To learn more about the submission process, visit http://www.veracode.com/directory.

“Think of ZeroDay Labs and our VerAfied Software Directory like the Centers for Disease Control. With the more patient information and case detail submitted to the CDC, the more effective physicians around the world can become in terms of prescribing treatments,” said Chris Wysopal, co-founder and CTO, Veracode, Inc. “In the case of our Software Directory, the richer the database of software vulnerabilities across industries, languages and technical platforms, the more security and development teams can learn about ensuring the highest degree of application risk management and performance in their own environments.”

The ZeroDay Community

ZeroDay Labs is home to Veracode’s ZeroDay Labs blog as well as technical articles, whitepapers and other information available for download, organized by technical architecture and language such as Java, C/C++ and .NET. The site is also a source of information about the company’s involvement with the extended security-aware community, detailing its participation in regional events associated with organizations like ISACA, ISSA, OWASP and .NET User Groups.

ZeroDay Labs will continue to evolve with the addition of an aggregate of RSS and other feeds from relevant sites, companies and partners. The ZeroDay community forum will serve as a social network connection where security software professionals can discuss newly identified vulnerabilities, such as those recently reported in widely used Open Source software, solutions to mitigate vulnerabilities, and other technical topics. It will also be connected to other social network capabilities such as LinkedIn, Facebook and Twitter.

About Veracode

Veracode is the world’s leader in cloud-based application risk management. With patented binary code analysis, dynamic Web assessments and developer e-learning, Veracode SecurityReview is the most accurate and cost-effective way to independently verify application security in both internally developed applications and third-party software without requiring source code or expensive tools. Veracode provides the most simple, complete way to implement security best practices, reduce operational cost and comply with internal security policies or external standards such as OWASP Top 10, CWE/SANS Top 25 and PCI. Veracode works with global organizations across multiple vertical industries including Barclays PLC, California Public Employees’ Retirement System (CalPERS), Computershare and the Federal Aviation Administration (FAA). For more information, visit www.veracode.com, follow on Twitter @Veracode or read the ZeroDay Labs blog.
