Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

Security and compliance management with SecurityReview

Veracode : 21 April, 2009  (New Product)
Cloud based service from Veracode enables simplified compliance with security and risk management
Veracode has expanded its SecurityReview cloud-based subscription service to simplify managing application security risk and regulatory compliance across a diverse enterprise application portfolio including internally developed, purchased, outsourced and open source applications. The enhanced Application Risk Management platform, available this calendar quarter, enables enterprises and ISVs to cost-effectively implement centralized governance and controls for software security across their entire portfolio while simultaneously providing a continuous skills development model for internal and extended development teams.

More than 62% of businesses have experienced a security breach in the last 12 months due to exploitation of vulnerabilities in their critical software applications, according to a new survey conducted by Forrester Research. Veracode SecurityReview provides organizations with a holistic approach to combat the epidemic of security breaches, compliance failures and business process interruptions.

"Being able to quantify and qualify the risk from applications, internally developed, outsourced or commercial software enables us to make informed acquisition and deployment decisions and protect our critical data," said, Stephen Scharf, CISO of Experian . "Having the ability to embed security training, integrate our existing internal testing and have insight into the security of open source through a single platform provides us with a clear and measureable compliance framework."

With this release, Veracode's SecurityReview has expanded its industry leading static and dynamic application security testing to include:

* Application Portfolio Management - Veracode's Application Risk Management Platform enables organizations to identify, classify and track their entire application portfolio regardless of the origin of the application from a central console and set security policy based on compliance or industry standards such as PCI, SANS Top 25 or OWASP Top 10.

* Developer Training and eLearning - Web-based secure programming training modules for developers and security personnel are integrated directly into Veracode's Application Risk Management Platform enabling organizations to meet formal security training, CPE credit and competency testing requirements and to continuously improve their skills through targeted.

* Open Source Ratings Database (OSRDB) - Through Veracode's Open Source Ratings Database, organizations gain access to a growing catalog of independent security ratings for enterprise-class open source projects to understand the risk of integrating open source software into applications or deploying in their critical software infrastructure.

* Integration of 3rd Party Testing products and services - Enterprises, consultants and third party providers can upload results of penetration testing directly into Veracode's platform providing a single framework for managing application risk regardless of testing method or vendor.

* Integration with Enterprise Governance, Risk and Compliance Frameworks - Recently announced, enterprises will have direct access to Veracode's SecurityReview application Risk Management data within Archer's SmartSuite Framework, allowing centralized management of critical business intelligence for internal and externally sourced applications.

* Unlimited Usage Subscriptions - Unlimited usage is designed to overcome complex pricing models associated with on-premise software licenses ranging from per seat, per CPU, and/or per line of code pricing schemes. Veracode's Software-as-a-Service (SaaS) subscription enables organizations to do more with less by leveraging Veracode's cloud-based platform to conduct unlimited security assessments.

"Most companies know there's an application security problem," said Diana Kelley principal analyst, SecurityCurve. "Today's application development, testing, purchasing, and outsourcing processes are often poorly managed and ad-hoc, leading to inefficient spending and uneven results. To achieve consistent application risk governance, organizations need to implement coherent, repeatable processes within an enterprise-wide application risk framework."

"The security landscape has clearly changed," said Matt Moynahan, CEO of Veracode. "The combination of economic conditions, ad-hoc approaches and the exponential increase of data breaches as a result of insecure software require a new framework to manage application risk. Veracode's recent service enhancements demonstrate our continued commitment to providing our customers with a simple, intuitive and turnkey approach to implementing effective application security programs. By making use of Veracode's cloud-based application Risk Management infrastructure, organizations can protect their employee, customer and partner data in a rapid and cost-effective enterprise-wide deployment model."
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo